OPEN JOINT-STOCK COMPANY SBERBANK of RUSSIA Disclosure of Information on Accepted Risks, Procedures for Their Assessment, Manage

OPEN JOINT-STOCK COMPANY SBERBANK OF RUSSIA

Deputy Chairman of the Executive Chief Accountant - Director of Board Accounting and Reporting Division of Sberbank of Russia Sberbank of Russia V.V. Kulik M.Y. Lukyanova

______

______, 2014 ______, 2014

Disclosure of Information on Accepted Risks, Procedures for Their Assessment, Management of Risks and Capital of Sberbank of Russia Banking Group as of July 1, 2014

Moscow 2014 Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia OJSC Banking Group as of July 1, 2014.

CONTENTS LIST OF TABLES ...... 3 INTRODUCTION ...... 5 1 GENERAL INFORMATION ON SBERBANK OF RUSSIA BANKING GROUP ACTIVITIES ...... 5 1.1 General information on the parent company of Sberbank of Russia Banking Group ...... 5 1.2 Information on the lines of business of Sberbank of Russia Banking Group ...... 6 1.3 Brief information on the economic environment where Sberbank of Russia Banking Group operates ...... 6 1.4 Structure of banking group participants ...... 8 2 INFORMATION ON RISKS ACCEPTED BY THE BANKING GROUP, PROCEDURES FOR THEIR ASSESSMENT AND ARRANGEMENT OF THEIR MANAGEMENT ...... 12 2.1 Strategies of Sberbank of Russia Banking Group in risk and capital management ...... 12 2.1.1 Strategies of Sberbank of Russia Banking Group in risk management ...... 12 2.1.2 Capital adequacy management ...... 15 2.2 Structure and Organization of Operation of Subsidiaries Undertaking Risk Management within the Banking Group and Members of Sberbank of Russia Group ...... 16 2.3 Risk Identification Methods of Sberbank of Russia Banking Group ...... 21 2.4 Determining Risk Appetite of Sberbank of Russia Banking Group ...... 22 2.5 Procedure of Stress Test Application at Sberbank of Russia Banking Group for Risk and Capital Management ...... 24 3 RISK AND CAPITAL MANAGEMENT OF SBERBANK OF RUSSIA BANKING GROUP ...... 26 3.1 Capital structure and capital adequacy of Sberbank of Russia Banking Group ...... 26 3.1.1 Value and key components of capital of Sberbank of Russia Banking Group...... 26 3.1.2 Information on the value of risk-weighted assets of Sberbank of Russia ...... 28 3.1.3 Information on actual and normative values of basic capital, core capital, and equity (capital) adequacy ratio of Sberbank of Russia Banking Group ...... 29 3.2 Data on significant risks arising in the activities of Sberbank of Russia Banking Group 30 3.2.1 Credit Risk ...... 30 3.2.2 Market risk of a trading book ...... 64 3.2.3 Interest and currency risks of the banking book ...... 66 3.2.4 Operational risk ...... 70 3.2.5 Other significant risk types ...... 76 2

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia OJSC Banking Group as of July 1, 2014. 4 WAGE POLICY OF THE BANKING GROUP ...... 84 4.1 Wage Policy ...... 84 4.2 Risk-Based Remuneration System ...... 85 APPENDIX 1. LIST OF GROUP MEMBERS ACCOUNTED FOR IN MANAGEMENT COMPANY STATEMENTS ...... 86 APPENDIX 2. LIST OF GROUP MEMBERS, WHO ARE INSIGNIFICANT ACCORDING TO THE GROUP'S ACCOUNTING POLICY ...... 89 LIST OF REGULATORY DOCUMENTS ...... 92 LIST OF TERMS ...... 93 LIST OF ABBREVIATIONS ...... 94 FORECASTING COMMENTARY ...... 96

LIST OF TABLES

Table 1.1 List of Group participants ...... 8 Table 1.2 Participants of the Group, which are recognized as major participants of Sberbank of Russia Banking Group ...... 11 Table 1.3 Information on insurance companies participating in Sberbank of Russia Banking Group ...... 11 Table 2.1 List of Indicators Comprising Risk Appetite of Sberbank of Russia Banking Group .. 23 Table 2.2 List of Indicators Comprising Risk Appetite of Sberbank of Russia ...... 23 Table 3.1 Capital structure...... 28 Table 3.2 Risk-weighted assets ...... 29 Table 3.3 Capital adequacy ratios ...... 29 Table 3.4 Assets of the banking group of Sberbank of Russia, provisions for which are made individually ...... 46 Table 3.5 Provisions for possible losses on assets of the banking group of Sberbank of Russia, provisions for which are made individually ...... 48 Table 3.6 Assets of the banking group of Sberbank of Russia exposed to the credit risk, provisions for which are made on the portfolio basis ...... 50 Table 3.7 Assets of the banking group of Sberbank of Russia exposed to the credit risk, segmented by economic sectors ...... 52 Table 3.8 Assets of the banking group of Sberbank of Russia exposed to the credit risk, segmented by geographic regions...... 53 Table 3.9 Allocation of loans and advances to clients of the banking group of Sberbank of Russia depending on the terms to maturity ...... 53 Table 3.10 Allocation of loans and advances to clients of the banking group of Sberbank of Russia by loan currency ...... 54 Table 3.11 Dynamics of provisions for possible losses under loans in the portfolio of the banking group of Sberbank of Russia, RUB bln ...... 54 Table 3.12 Restructured loan portfolio of the banking group of Sberbank of Russia, RUB bln... 55

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia OJSC Banking Group as of July 1, 2014. Table 3.13 Overdue loans of the banking group of Sberbank of Russia, provisions for which are made on an individual basis ...... 56 Table 3.14 Overdue loans of Sberbank of Russia, provisions for which are made on the portfolio basis ...... 58 Table 3.15 Repayment risk on the transactions with financial derivatives for the Sberbank of Russia Banking Group, RUB mln ...... 61 Table 3.16 Market risk of a trading book for the Sberbank of Russia Banking Group ...... 66 Table 3.17 Changes in interest income resulting from a shift in the interest curve ...... 70

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia OJSC Banking Group as of July 1, 2014.

INTRODUCTION

Information in the present report is disclosed in accordance with Bank of Russia Directive No. 3080 of October 25, 2013 "On Forms, Procedure and Terms of Disclosure by Parent Banks of Banking Groups of Information on Accepted Risks and Procedures for the Risks and Capital Management Assessment". The present report is issued in addition to consolidated interim financial statements in accordance with the standards of Russian Accounting Regulations for the first half of 2014 (January 1, 2014 - June 30, 2014)1, which is disclosed at the public internet website of Sberbank of Russia www.sberbank.ru. An approved online version of this report is published on the internet public website of Sberbank of Russia www.sberbank.ru. By the decision of Sberbank of Russia, an audit of information on consolidated risks for the first half of 2014 shall not be carried out.

1 GENERAL INFORMATION ON SBERBANK OF RUSSIA BANKING GROUP ACTIVITIES 1.1 General information on the parent company of Sberbank of Russia Banking Group Sberbank of Russia Open Joint-Stock Company (hereinafter "the Bank") acts as the parent credit institution of Sberbank of Russia Banking Group. Short corporate name of the Bank: Sberbank of Russia. The Bank is registered at the following address: 19 Vavilova Street, Moscow, Russian Federation. The Bank is an open joint-stock company; it was founded in 1841 and since that time it has been operating in various forms of incorporation. The Bank is registered and has a registered address within the Russian Federation. The major shareholder of the Bank is Central Bank of the Russian Federation (Bank of Russia), which holds 52.3% of the Bank's ordinary shares as of June 30, 2014, or 50.0% plus 1 voting share of the total amount of issued Bank shares (December 31, 2013: 52.3% of the Bank's ordinary shares, or 50.0% plus 1 voting share of the total amount of issued Bank shares). The Supervisory Board of the Bank consists of representatives of the Bank's major shareholder and other shareholders, as well as independent directors. The Bank has been operating on the basis of a full banking license, issued by the Bank of Russia, since 1991. The Bank holds licenses required for the storage of and trade operations with securities and for conducting other operations with securities including broker and dealer activities, depository functions and asset management. Activities of the Bank are governed and controlled by the Bank of Russia. Foreign banks/companies of the Group operate in compliance with the legislation of their countries.

1 In cases when consolidated financial statements according to the standards of Russian Accounting Regulations do not include information required for this present report, information from abridged consolidated financial statements of Sberbank of Russia according the standards of IFRS - June 30, 2014 (disclosed on the Internet on the public website of Sberbank of Russia www.sberbank.ru) is used. 5

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia OJSC Banking Group as of July 1, 2014. 1.2 Information on the lines of business of Sberbank of Russia Banking Group The major business of the Group concerns corporate and retail banking operations. The operations include (but are not limited to) attracting deposit funds and granting commercial loans in hard currency and local currencies of the countries where the subsidiary banks are operating, as well as in Russian rubles; servicing clients in their export/import operations; conversion operations; trading in securities and derivatives. The Group operates both in the Russian and foreign markets. As of June 30, 2014 the Group operates within the Russian Federation through Sberbank of Russia, which has 16 (December 31, 2013: 17) local bank branches, 78 (December 31, 2013: 77) regional bank branches and 17,493 (December 31, 2013: 17,893) internal structural subdivisions, and also through major subsidiary companies located in the Russian Federation - Sberbank Leasing CJSC, Sberbank Capital LLC, companies of the former Group of Companies Troika Dialog and Cetelem Bank LLC (former BNP Paribas Vostok LLC). Group operations outside the Russian Federation are conducted through a network of subsidiary banks and finance companies:  subsidiary banks: in the Republic of Kazakhstan, Ukraine, the Republic of Belarus, Switzerland, Austria, the Czech Republic, Slovakia, Hungary, Croatia, Serbia, Slovenia, Bosnia and Herzegovina, Banja Luka within Bosnia and Herzegovina, Turkey, Germany and Bahrain;  financial companies: in the Republic of Kazakhstan, Ukraine, Ireland, the United States, the United Kingdom and Cyprus. Within their regions of presence, subsidiary banks offer a wide range of banking services to retail and corporate customers, perform operations in financial markets. All operations are made under licenses obtained from national regulators. Financial companies provide services within their respective specialization. Furthermore, the Bank implements a number of functions through two foreign representative offices, located in Germany and China. These representative offices do not provide banking operations directly, but they promote the Bank's business and that of its clients in the regions of its presence. Most of the Group operations are carried out within the Russian Federation. 1.3 Brief information on the economic environment where Sberbank of Russia Banking Group operates The Group operates within the Russian Federation, Turkey, CIS countries (Ukraine, the Republic of Belarus, Kazakhstan), Austria, Switzerland, and other countries of Central and Eastern Europe. Operating environment in the Russian Federation. In H1 2014, the economic environment of the Russian Federation remained under the influence of negative factors. In particular, the trends in the Russian economy have been substantially affected by events in Ukraine. Growing political uncertainty and tensions related with the crisis in Ukraine led to an expansion of economic sanctions against Russia and a lowering of Russia's sovereign rating by one of the rating agencies. However, the decline in the Russian currency and stock markets in Q1 2014 was substantially corrected during Q2 2014. As 6

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia OJSC Banking Group as of July 1, 2014. a result, in H1 2014, the Russian ruble lost 2.3% against the dual-currency basket, while the MICEX index fell by 1.8%. At the same time negative growth of financial markets has not considerably affected prices for major export goods. In July and August 2014, some countries imposed certain sectoral sanctions in respect of the Russian economy. In July 2014, The European Union (EU) applied economic sanctions against the Russian Federation and a number of finance institutions including Sberbank Group (except for subsidiary companies located in EU countries). According to these sanctions, EU residents are prohibited from directly or indirectly purchasing, selling, or providing brokerage services or assistance in the issue of, or otherwise making transactions with bonds, equity or similar financial instruments with a maturity of more than 90 days, issued after August 1, 2014 by financial institutions under sanctions. The Group's management is currently evaluating the scope of these sanctions and their impact on the financial position and results of the Group. The second important implication of geopolitical events was the deterioration of sentiment among foreign and domestic investors on the prospects of Russian financial markets, which led to continued capital outflow amounting to USD 75 billion in H1 2014 and a serious drop in aggregate investments. Both of these factors have largely contributed to a further slowdown of the Russian economy. As a result, in Q1 2014, GDP grew by 0.9% compared to Q1 2013. In Q2 2014, GDP grew by 0.8% compared to Q2 2013. Economic growth was driven by consumption, which has been further supported by the weakened ruble and rising inflation expectations, and the external trade sector, marked by a substantial improvement of the trade balance resulting both from the fall in imports and the rise of exports. The accelerating pace of consumption and the lack of income growth have noticeably reduced the ability of households to generate savings. The pace of growth in retail deposits slowed throughout Q1 2014 while the outflow of funds from deposits in the Russian banking system in general was registered in March. As a result, in H1 2014, the amount of retail deposits did not reach the level of December 2013, despite a slight improvement during Q2 2014. The pace of growth in retail lending continued to slow, reflecting a relatively high debt load of households and the increased caution of banks in issuing new loans amid the deteriorating credit quality of portfolios. The growth rate of overdue retail loans in the Russian banking system accelerated in H1 2014 and, by the end of Q2, their share in the retail loan portfolio amounted to 5.3%, as compared to 4.4% at the beginning of the year. Another consequence of the weakened ruble has been the growth in inflation expectations, as reflected in the acceleration of consumer price growth from 6.1% in January to 7.8% in June 2014. Against this backdrop, the Bank of Russia was forced to raise its key interest rate by 1.5 percentage points to 7% p.a. in March and by 0.5 percentage points to 7.5% p.a. in April. The ruble liquidity shortage, aggravated as a result of foreign exchange interventions, was largely covered by growing debt of the banking sector to the Bank of Russia, which reached new highs in H1 2014. The banking system responded to measures adopted by the Bank of Russia in H1 2014 by increasing the interest rates both for loans and customer deposits. Other jurisdictions. Besides the Russian Federation, the Group operates within CIS countries (Republic of Belarus, Kazakhstan, Ukraine), countries of Central and Eastern Europe (Austria, the Czech Republic, Slovakia, Bosnia and Herzegovina, Slovenia, Serbia, Hungary, Croatia), Turkey, Switzerland, and other countries. The difficult economic situation and 7

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia OJSC Banking Group as of July 1, 2014. problems with liquidity in many countries resulted in either a slowdown or a slight growth of GDP followed by a decline in consumption and investment activity. The major goals of local regulators involved maintaining financial stability, controlling the GDP deficit and the inflation rate. The economy of the Republic of Belarus in H1 2014 remained hyperinflationary, in accordance with IFRS (IAS) 29 "Financial reporting in the context of a hyperinflationary economy". In H1 2014 economic and political uncertainty in Ukraine increased considerably. International rating agencies downgraded the sovereign debt ratings of Ukraine. The combination of these factors caused a liquidity crisis and a tightening of conditions on the loan markets. As of June 30, 2014 the risk level of the Group with regard to investments in Ukrainian assets stood at about 0.6% of total consolidated assets (0.8% as of December 31, 2013). These investments consist of net assets of the Group subsidiary companies in Ukraine, financing extended to them, investments in corporate and debt financial instruments issued by the Ukrainian administration and corporate clients, and loans granted to them. The management monitors the current situation and takes the necessary measures. The current situation in Ukraine and its negative development in the future may adversely affect the financial performance and financial position of the Group, and, at this point, it is difficult to determine the effect of that impact. 1.4 Structure of banking group participants Organizations controlled or significantly influenced by the Bank and other participants of the Group are included in the Group for consolidation purposes according to Russian Accounting Regulations. The Group consists of subsidiary, dependent, jointly controlled and structured companies of the Bank and the Group participants indirectly controlled or significantly influenced by the Bank. Consolidated statements of Sberbank of Russia Group include statements of 103 companies as of July 1, 2014. Table 1.1 contains the list of the Group participants and methods of data consolidation used in preparing the Group statements according to Russian Accounting Regulations as of June 30, 2014. Annex 1 to this report contains the list of Group participants that are recorded in the corresponding managing companies' statements upon consolidation. Annex 2 to this report contains the list of group participants that are not recorded for consolidation purposes because they do not have a significant influence on the Group's financial results. Table 1.1 List of Group participants

No. Name of Group participant Share of Method Locations equity2, of % Consolid ation 1 Auction Limited Liability Company 0.72% full 14 Shosse Entusiastov St., Moscow, 111024

2 The share of equity (capital) (net assets) of the company in the equity (capital) of the Group, including interbank transactions of the Group participants, is determined according to the data of regulatory reporting form 0409805 as of June 30, 2014 "Analysis of Equity (Capital) and Statutory Ratios of a Banking Group". 8

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia OJSC Banking Group as of July 1, 2014. No. Name of Group participant Share of Method Locations equity2, of % Consolid ation 2 Sberbank - Automated System for 0.04% full 24/2 Trading Joint Stock Company Novoslobodskaya Street, Moscow, 127055 3 BPS-Sberbank Open Joint-Stock 0.68% full 6 Mulyavina Blvd., Company Minsk, 220005, the (group of companies) Republic of Belarus 4 DENIZBANK ANONIM SIRKETI 6.87% full Buyukdere Cad. No. (group of companies) 106, 34394, Esentepe, Istanbul 5 Derways Automobile Limited Liability 0.01% full 134B Podgornaya St., Company Cherkessk, Karachay- Cherkess Republic, 369000, Russian Federation 6 Sberbank Finance Limited Liability 0.02% full 29/16 Sivtsev Company Vrazhek Per., Moscow 119002 7 Subsidiary Bank Sberbank of Russia 1.03% full 13/1 Al-Farabi Joint-Stock Company Prospect, Bostandykskiy District, Almaty, Republic of Kazakhstan 050059 8 Krasnaya Polyana Open Joint-Stock 1.33% full 18/1 Kurortny Company Avenue, Sochi, Krasnodar Krai, 354000 9 KIPARISIANA INVESTMENT LTD 0.13% full Themistokli Dervi, 48, ATHIENITIS CENTENNIAL BUILDING, 1ST floor, Flat/Office 104 P.C. 1066, Nicosia, Cyprus 10 Manzherok Mountain Skiing Complex 0.10% full 18 Leninskaya St., Closed Joint Stock Company Manzherok village, Maiminsky District, Republic of Altai 649113 11 Mosstroyvozrozhdeniye Open Joint- 0.05% pro rata 4 Ilyinka St., Stock Company Moscow, 109012 12 Closed joint-stock company Sberbank 0.11% full 31 G Shabolovka St., Private Pension Fund Moscow, 115162 13 Cetelem Bank Limited Liability 0.69% full 26 Pravdy St., Company Moscow, 125040, 9

14 Promising Investments Limited Liability 1.13% full 46 Molodyezhnaya Company St., Odintsovo, (group of companies) Moscow Region, 143000 15 Sberbank Leasing Closed Joint-Stock 0.47% full 21 Molodyozhnaya Company St., Odintsovo, Moscow Region, 143002 16 Sberbank Investments Limited Liability 0.37% full 46 Molodyozhnaya Company St., Odintsovo, Moscow Region, 143000 17 Sberbank Capital Limited Liability 2.20% full 19 Vavilova Street, Company Moscow, 117997 18 SVK Holding Limited Liability Company 1.16% full 40 Bolshaya Ordynka St., bldg. 4, office 702D Moscow 119017 19 Sberbank (Switzerland) AG 0.47% full Freigutstrasse 16, 8002 Zurich, Switzerland 20 SB International S.a.r.l. -0.92% full 46A Avenue, J.F. (group of companies) Kennedy, L-1855, Grand Duchy Luxembourg 21 SUBSIDIARY BANK SBERBANK OF 0.73% full 46 Vladimirskaya St., RUSSIA, PUBLIC JOINT-STOCK Kiev, 01034, Ukraine COMPANY 22 Sberbank Europe AG 3.20% full 3 (group of companies) Schwarzenbergplatz, Vienna, Austria 1010 23 Rublevo-Arkhangelskoe Closed Joint- 1.82% full 5 Uspenskaya St., Stock Company Moscow Region, Krasnogorsk, 143408

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia OJSC Banking Group as of July 1, 2014. Participants of the Group, which are recognized as major participants of the banking group in compliance with criteria requirements of Bank of Russia Directive No. 3080, issued on October 25, 2013 "On Forms, Procedure and Terms of Disclosure by Parent Banks of Banking Groups of Information on Accepted Risks and Procedures for the Risks and Capital Management Assessment "3: Table 1.2 Participants of the Group, which are recognized as major participants of Sberbank of Russia Banking Group

Share of equity Share of financial No. Name of Group participant (capital) of the Group result of the Group participant participant4 1 DENIZBANK A.S. 6.87% 5.51%

Aggregate current (fair) value of Sberbank of Russia investments in the authorized capital of all insurance companies participating in the Group: RUB 1,030,963,000. Table 1.3 Information on insurance companies participating in Sberbank of Russia Banking Group

No. Name of Group participant Value of investments of Sberbank of Russia in the authorized capital of insurance company, RUB'000 1 TASK Closed Joint-Stock Insurance Company 05 2 Sberbank Insurance Company Ltd.6 1,030,963 3 Sberbank General Insurance Company Limited Liability 08 Company.7

3 Major participants of the Group - the value of equity (capital) (net assets) comes to 5 or more percent of the equity (capital) of the Group, and (or) their financial result comes to 5 or more percent of the financial result of the Group. 4 Company share of profit (loss) before taxes in the Group profit (loss) with account of adjustments, including interbank transactions of the Group participants according to the data of reporting form 0409803 "Statement of Financial Performance" as of June 30, 2014. 5 Displays 0, because the Bank does not participate in the capital of this participant directly, but through a subsidiary company. 6 On July 1, 2014 the company was renamed Insurance Company Sberbank Life Insurance LLC. 7 On July 11, 2014 the company was renamed Insurance Company Sberbank Insurance LLC. 8 Displays 0 because, as of July 1, 2014, the company had been registered but funds had not yet been deposited in its authorized capital, which is possible pursuant to current legislation. 11

2 INFORMATION ON RISKS ACCEPTED BY THE BANKING GROUP, PROCEDURES FOR THEIR ASSESSMENT AND ARRANGEMENT OF THEIR MANAGEMENT

2.1 Strategies of Sberbank of Russia Banking Group in risk and capital management

2.1.1 Strategies of Sberbank of Russia Banking Group in risk management Primary objectives of organization of the integrated risk management system as an integral part of the management process of the Bank are as follows: • ensuring sustainable development of the Bank and Group members as part of implementation of the development strategy approved by the Bank's Supervisory Board; • ensuring and protecting interests of shareholders, members, creditors, clients of the Group and other parties, accounting for the fact that the abovementioned parties are interested in continuation of sustained activities of the Group, so that risks accepted by the Group do not pose a threat to the existence of the Group and its members; • improvement of the Bank's and Group's competitive advantages as a result of: o ensuring uniform understanding of risks at the Group level and strategic planning with regard to the level of accepted risk; o improvement of the capital management efficiency and increase of the Bank's market value, including at the Group level; o maintaining sustainability when expanding the product range of members of the Group (implementation of more complex products) as a result of adequate assessment and management of accepted risks; • increase of investor confidence due to creation of a transparent risk-management system for the Group. The Group's integrated risk-management system is based on the following principles: Risk awareness. The risk-management process involves each employee of Group members. Decisions on performing any transaction are made only after comprehensive analysis of risks at the Group member level, arising in the course of such transaction. Group member employees performing transactions that are subjected to risks are aware of the risks of such transactions and perform identification, analysis and assessment of risks before performing the transactions. Regulatory documents governing the procedure of performing any and all transactions involving risks are in effect at Group member companies. Performing new banking transactions in the absence of regulatory, executive documents or corresponding resolutions of collegial bodies, regulating the procedure of their completion, is prohibited. Division of powers. Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. Management structures having no conflict of interests have been implemented at the Group member companies: at the organizational structure level, subdivisions and employees entrusted with duties for performing transactions subject to risks, accounting for such transactions, risk management and control are differentiated. Monitoring the risk level. Management of the Bank and its collegial bodies regularly receive information on the level of risks accepted by the Group and on events of violation of established risk management procedures, limits and restrictions. At the Group level as well as at the level of each Group member company, an internal control system functions, facilitating effective control over the functioning of the risk- management system of each Group member company and the Group as a whole. The need to provide for "three lines of defense". Corporate responsibility for making risk-taking decisions is established: • Risk acceptance (1st line of defense): Business subdivisions strive to achieve the optimum combination of profitability and risk, follow the established goals for development and profit/risk ratio, monitor decisions for risk acceptance, account for customers' risk profiles when performing operations/transactions, implement and manage business processes and tools, participate in risk identification and assessment processes, and adhere to requirements of internal regulatory documents, including as related to risk management. • Risk management (2nd line of defense): Functional subdivisions of Risks and Finances develop risk-management standards, principles, limits and restrictions, monitor the risk level and prepare reports, assess conformance of the risk level to the risk appetite, consult, simulate and aggregate the general risk profile. • Audit (3rd line of defense): Functional subdivisions responsible for the internal and external audit function perform independent assessment of conformance of risk-management processes to established standards and external assessment of risk-taking decisions. A combination of the centralized and decentralized approach to the Group's risk management. The Group combines the centralized and decentralized approaches to risk management. Authorized collegial bodies of the Bank for risk management establish requirements, restrictions, limits, and methods as regards risk management for regional banks and Group member companies. Regional banks and Group member companies exercise risk management within the limits for restrictions and powers established for them by authorized bodies and/or officers. Forming high-level risk committees. • Specialized high-level committees of the Bank make risk-management decisions. • The committee system has been generated with regard to the Group's business model.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. The need to ensure independence of the Risks function. • Ensuring independence of operating units for risk assessment and analysis from subdivisions performing operations/transactions subject to risks. • Including the Risks function in the decision-making process at all levels, involvement of the Risks function in processes of both high-level strategic decision-making and operating-level risk management. • Ensuring independence of the validation function. Use of information technologies. The risk-management process is built based on the use of modern information technologies. At Group member companies, information systems are applied that permit prompt identification, analysis, assessment, management and control of risks. Continuous upgrading of risk-management systems. Group member companies constantly upgrade all risk-management elements, including information systems, procedures and methods, with regard to strategic objectives, environment changes, and innovations in global risk-management practices. Management of the Group's activities with regard to accepted risk. The Group performs assessment of the sufficiency of available (accessible) capital, meaning internal capital (hereafter, IC) for covering the accepted and potential risks. Internal capital-adequacy assessment procedures (hereafter, ICAAP) also include capital planning procedures, based on the established Group development strategy, business growth benchmarks and results of comprehensive current assessment of the abovementioned risks, stress-testing of the Bank's and Group's stability to internal and external risk factors. The Group highlights priority directions of capital development and distribution, using the analysis of risk-adjusted efficiency indices for individual subdivisions and business directions. The Group includes risk metrics in extended Business plans. Limitation of accepted risks by establishing limit values under the generated limit system. The Group has an effective system of limits and restrictions, ensuring provision of an acceptable risk level for aggregated positions of the Group. The Group's limits system possesses a multilevel structure: • total limit for the Group, established based on the risk appetite, determined according to the risk-management strategy; • limits for types of risks that are material for the Group (such as limits regarding credit and market risks); • limits for the Group member companies, structural divisions of the Group member company in charge of acceptance of risks that are material for the Group; • limits for certain borrowers (counterparties), trade portfolio tools, etc.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. The method of risk identification, assessment and management at Group member companies is generated based on a unity of methodological approaches applied within the Group. The Group's risk-management system is based on standards and tools recommended by the Basel Committee on Banking Supervision and conforms to requirements of the world's best practices. The Bank's and the Group's risk management system must conform to requirements of the Bank of Russia as related to organization of the risk-management system and organization of internal control in credit institutions and banking groups. Primary tools of the Group's integrated risk management under the Integrated Risk- Management Policy are: • determining the Group's risk appetite, the target (expected) structure of types of risks that are material for the Group, target (maximum) levels for all material risks for the Group; • Group management with regard to the risks, based on distribution of economic capital; • formalized risk indices, their assessment and forecasting, and stress-testing of risks; • proactive analysis and multilevel reports on risks that arise.

2.1.2 Capital adequacy management In order to conform to capital adequacy standards for a banking group, the following assessment methods are used: • forecasting capital-adequacy standards; • stress-testing capital adequacy. Forecasting capital adequacy standards is the primary method of preventive identification of violations of capital adequacy standards and the basis for making administrative decisions in good time. Additionally, regular stress testing of capital adequacy is performed to analyze capital adequacy when implementing potential crisis scenarios. The following tools are used to manage capital adequacy: • business planning and the plan for capital-adequacy management; • planning of dividends and capitalization of subsidiaries; • the system of limits for capital adequacy standards. The calculation of target capital adequacy standards is an integral part of setting the target business development indicators in the process of business planning and strategic planning. Compliance of limits of capital-adequacy standards at the planning horizon is mandatory. A capital-adequacy management plan is developed annually based on the business plan, including a list of capital-management activities, target values of dividends and subsidiary capitalization.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. 2.2 Structure and Organization of Operation of Subsidiaries Undertaking Risk Management within the Banking Group and Members of Sberbank of Russia Group In order to achieve stated objectives, integrated risk management of the Group is carried out on an integrated basis, i.e. interdependence of various types of risks is taken into account, and the method applied to risk assessment, analysis and control at various Group member companies conforms to general requirements established by the Bank's authorized collegial bodies. Risk management is a three-tier process: • The first tier of management (carried out by the Supervisory Board, the Executive Board and the Group Risk Committee of Sberbank of Russia) - overall risk management of the Group. The result of this procedure includes but is not limited to creation of requirements and limitations as regards processes of control over dedicated risk groups, processes of risk management in the Group member companies, and also definition of certain collegial bodies and structural subdivisions of the Group member companies, responsible for managing the allocated risk groups. At this tier, the Group's risk-management policies and standards of the Group are determined and established, and risk-management policies and standards of the Group member companies are approved. • The second tier of management (carried out by the Trading Risks Committee (TRC), Credit and Investments Committee (CIC), Assets and Liabilities Management Committee (ALMC) and other collegial bodies established by the Executive Board or the Group's Risks Committee (GRC)) – management of the Group's dedicated risk groups within the restrictions and requirements established at the 1st tier of management. The result of this process is, among other things, generation of requirements and limitations for specific transactions, operations, and positions causing respective types of risks. • The third tier of management (carried out by the collegial bodies and structural subdivisions of the Group member companies, determined by the Executive Board or GRC) - management of dedicated risk groups within the Group member companies within the limits of requirements and restrictions set forth at the first and second tiers of management. Profile departments for the Group risk analysis and assessment are: • risk analysis and assessment subdivisions of the Bank's "Risks" department that are, in their turn, represented by: o the subdivision carrying out risk analysis and assessment on a consolidated basis for the Group as a whole for the entire totality of risks, based on information provided by other subdivisions for risk analysis and assessment of the Bank and the Group; o subdivisions carrying out risk analysis and assessment for dedicated risk groups for the Bank and the Group as a whole, with regard to corporate 16

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. and retail credit risks of the Group, financial market operations risks (counteragent's credit risk, market risk), and operational risks of the Group; o subdivision carrying out validation of risk-assessment models; o underwriting subdivisions; • the Bank's subdivisions for risk analysis and assessment outside the Bank's "Risks" department, carrying out management of other material risks of the Group; • risk analysis and assessment subdivisions of the Group member companies (except the Bank), represented by: o the subdivision ensuring support for risk analysis and assessment procedures on a consolidated basis for the Group at the level of a Group member company; o subdivisions carrying out risk analysis and assessment for dedicated risk groups for the Group member company (corporate credit risk of the Group member company, retail credit risk of the Group member company, market and interest risks of the Group member company, and operational risk of the Group member company); o underwriting subdivisions. Objectives and powers of major collegial bodies and structural subdivisions of the Bank, involved in the Group's risk-management processes. The Supervisory Board of the Bank: • determines priority areas of the Bank’s activity; • approves large-scale transactions, non-arm's-length transactions, and related-party transactions, in cases and in the manner stipulated by effective laws. The Bank's Executive Board: • determines the Bank’s and the Group's policy in risk management, ensures conditions for its efficient implementation, organizes the risk management process in the Bank and the Group, and determines the units responsible for risk management; • establishes collective working bodies, including the Panel and Bank committees, approves provisions on them and establishes their competence, including that related to approval of the Bank’s internal documents which determine the rules, procedures, order of conducting banking and other transactions, and the procedure of interaction between structural units of the Bank’s head office and its affiliates; • approves the Bank's internal documents governing the Bank's day-to-day operations, including those determining the risk-management policy; • determines the Bank's policy for primary lines of business of the Bank and the Group; 17

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. • approves results of the Bank's risk exposure monitoring; • determines the means for implementing the Bank's priority lines of business with regard to the levels and types of risks accepted by the Bank. Group Risk Committee of Sberbank of Russia: carries out management of aggregate Group risks within the limits of the powers, requirements and limits approved by resolutions of the Bank's Executive Board, including: • approves the Group risk appetite management regulations, including the list of specific risk appetite metrics, the Group's risk appetite value, determines the connection between them, the business plan and the strategy; • distributes the risk appetite between the Group member companies, approves the structure and the level of capital adequacy of the Bank and the Group; • adopts and presents for approval to the Executive Board policies for management of dedicated risk groups (at the level of the Group or an individual Group member company); • adopts and presents for approval to the Executive Board the Provisions for the Risk Type Committees; • routinely carries out monitoring and control over the use of the Group's risk appetite; • approves objectives and determines approaches to handling problematic assets. Assets and Liabilities Management Committee of Sberbank of Russia: • carries out management of assets and liabilities of the Bank and the Group in order to maximize the Group's profit, provided that the optimum liquidity level and market risks are preserved; • carries out liquidity risk management for the Bank and the Group; • carries out bank-book risk management for the Bank and the Group, including currency, interest and market risks (except market risks attributed to the sphere of responsibility of the Trading Risks Committee); • carries out management of risk structure and risk adequacy for the Bank and the Group as part of established requirements and restrictions; • carries out monitoring and control of usage of bank-book risk limits for the Bank and the Group, including currency, interest and market risks (except market risks attributed to the sphere of responsibility of the Trading Risks Committee of Sberbank of Russia); • approves internal regulatory documents for management of dedicated risk groups: currency, interest and market risks (except market risks attributed to the sphere of responsibility of the Trading Risks Committee of Sberbank of Russia).

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. Trading Risks Committee of Sberbank of Russia: • carries out risk management of the Bank's and the Group's financial market transactions; • sets market-risk limits on trading transactions and credit-risk limits of the Bank and the Group for financial market transactions; • approves internal regulatory documents for financial market risk management based on the adopted risk appetite; • redistributes financial market transaction limits (in accordance with its powers); • monitors and controls the usage of market and credit risk limits (limiting the financial market operations risks). Credit and Investment Committee of Sberbank of Russia: • carries out management of the Bank's and the Group's credit risks (except credit risks attributed to the sphere of responsibility of the Trading Risks Committee of Sberbank of Russia); • approves credit-risk limits in accordance with powers granted to it; • approves the Bank's and the Group's general method of handling credit risks; • approves delegation of powers to Regional Banks (RB) and other committees within the limits of powers granted by GRC; • reviews and approves lending policies for the Group and Group company members for their subsequent assessment by GRC and the Executive Board, approves underwriting standards and credit processes for the Bank, approves requirements as to underwriting standards and lending processes for the Group company members (except the Bank); • makes a decision on providing the Bank's credit products to the Bank's clients, monitors quality of the Group's and the Bank's credit portfolio. Department of Risks Methodology and Control The Department of Risks Methodology and Control (DRMC) designs, implements, supports and perfects the Bank's and the Group's risk management system on a consolidated basis, on condition of fulfillment of requirements of the Bank's development strategy, requirements and recommendations of the Bank of Russia, recommendations of the Basel Committee on Banking Supervision, and world's best practices, in which connection it: • generates risk identification processes, indicators characterizing the risk level (hereafter, risk metrics), risk assessment models and procedures of the Bank and the Group; • generates risk management processes and tools for the Bank and the Group (technological regulations, systems of distribution of powers, limits systems, hedging tools, insurance tools, etc.);

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. • generates requirements for the Bank's information systems (databases, data volume, software complexes, etc.) necessary for DRMC to fulfill its objectives, participates in their implementation and testing; • ensures functioning of risk identification processes of the Bank and the Group, plays a dominant role in the Bank's risk identification processes, provides methodological support to structural subdivisions of the Group member companies as a part of risk identification processes; • evaluates and assesses the Bank's and the Group's risks, generates proposals/statements for the Governance and/or authorized employees and structural subdivisions and/or collegial bodies for risk management of the Bank and the Group; • generates a comprehensive risk reporting system and undertakes direct risk report preparation for the Bank's Management, its management bodies and other collegial bodies carrying out risk management for the Banks within the scope necessary for decision making; • generates requirements for organization of risk management systems for the Group member companies, including development and updating of internal regulatory documents (IRD) establishing unified standards and requirements for the organizational structure, distribution of powers, risk management processes and procedures, risk assessment models, reporting, etc., at the Group member companies; at the same time, the abovementioned requirements are generated based on unification of methods of the Bank and other Group member companies; • maintains control over operation of the risk management system of the Bank and the Group; assesses losses as a result of risk realization, evaluates the adequacy of risk management methods applied and updates respective IRD; • generates the policy for creation of provisions for various losses (including loan losses) in accordance with requirements of the Bank of Russia, IFRS and other requirements established in IRD; • generates requirements for procedures pertaining to documentation and methods for assessing security of counterparty obligations; • participates in the development and implementation of collection procedures for debts in arrears and problem debts; assesses the effectiveness of problem debt collection procedures. Validation department: • validates models used for risk assessment and aggregation. Internal Audit Service of the Bank: • checks and assesses the internal control system of the Bank and Group member companies, detects and analyzes issues related to its operation, assesses the efficiency of the internal control processes and procedures used;

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. • inspects completeness of application and efficiency of risk assessment methods and risk management procedures utilized at the Bank and the Group member companies; • notifies the Bank's Management of disclosed problems, risks, violations and deficiencies; • generates requirements for organization of the internal audit function of the Group member companies, including development and updating of IRD, establishing unified standards and requirements for the organizational structure, distribution of powers, internal audit processes and procedures; • maintains control over the following: o fulfillment of requirements established by the Bank for organizing the internal audit function of the Group member companies; o timely notification of the Board of Directors/Supervisory Board (Audit Committee of Sberbank of Russia) of the Group member companies by its internal audit divisions of incidents of material violation of effective laws of the Russian Federation, established rules and regulations, resolutions of the Bank's management, material faults of the internal control system, and also of the facts of the Group member company's governing bodies undertaking risks unacceptable for the Bank or utilizing control measures inadequate for the risk level. Other structural subdivisions: • perform certain risk management functions in accordance with requirements of the integrated risk management policy and other internal regulatory documents.

2.3 Risk Identification Methods of Sberbank of Russia Banking Group The Group applies a regular risk identification system. This procedure is applied on an annual basis (in the first quarter of each year) based on the unified risk materiality assessment method. All divisions of the Bank responsible for management of credit risk, operational risk, market risk (trading and bank book risks), liquidity risk, compliance risk, legal risk, regulatory risk, strategic and business risk, fiscal risk, goodwill loss risk, and risk of losses due to real- estate value fluctuations all participate in the risk identification process. The materiality of the Group member companies' risks is assessed independently by Group member companies and later examined by the abovementioned divisions of the Bank. The list of materiality of risks as a whole for the Group is determined on a consolidated basis, with regard to assessment of risk materiality for the Bank and Group member companies. The final list of material risks for the Group as a whole is approved by the Group's CRO and GRC. The report on the Group's risk identification and materiality assessment is approved by the Group's CRO and presented to GRC for consideration. Based on results of their consideration, GRC approves the list of risks that are material for the Group. In 2014, the Group's risks were identified for the entire range of Group members. Based on its results, the following material risks have been determined: credit risks of corporate and 21

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. retail customers (credit risk of migration, concentration risk (in terms of credit risk), residual risk, counterparty's financial market operations risks), financial institutions' credit risks, country risk, market risks of financial market transactions, ALM risks (currency and interest-rate risks of the banking book), risk of losses due to changes in the value of real estate, operational risk, legal risk, compliance risk, liquidity risk, goodwill loss risk, strategic risk, models risk, regulatory risk, and fiscal risk. Definitions of risk types considered material for the Group are offered in respective sections of Chapter 3.2. Data on significant risks arising in the activities of Sberbank of Russia Banking Group of this report.

2.4 Determining Risk Appetite of Sberbank of Russia Banking Group In order to limit the Group's exposure to risks, the concept of Risk Appetite (RA) has been developed. The Group's RA is defined as a system of indicators characterizing the risk level the Group is capable and/or willing to undertake when ensuring target profitability for its shareholders in accordance with strategic plans. The maximum risk level is deemed the risk level of the Group, where standards and regulatory requirements established by the Group's internal documents are fulfilled, and there is no need to take measures to reduce the risk level. Risk Appetite is predominantly aimed at involvement of members of the Executive Board and the Supervisory Board in management of the risky nature of business performed, being an integral business-decision making tool as part of business planning processes and performance of the Group's operating activities. The Group's RA is established using the following principles: • The Group's RA contains restrictions for all main, existing risks. • The Group's RA does not include target values for the level of administrative and management expenses, determined in the course of business planning. • The Group's RA is developed based on the Group's strategy and business plan, with regard to expert opinions of the Executive Board members and experts in the sphere of risks regarding the acceptable risk level within the planning horizon, taking in account the current and estimated macroeconomic situation. When determining RA indicators, the following requirements and limits are taken into account: • conformance of indicators to Risk Appetite objectives established by the Group's Integrated Risk Management policy; • effectiveness of indicators as a risk limitation measure with regard to their historical dynamics; • sufficiency of the coverage of RA indicators of the Group's material risks revealed in the course of risk identification and materiality assessment (with regard to the Group's business structure and impact of the environment); • conformance of the indicators to existing and prospective regulatory requirements.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. Risk Appetite is determined by establishing maximum risk metrics values, characteristic of the risk level, for which a quantitative assessment can be given. RA is established at two levels: the Group and each Group member. Through the system of limits, Group RA indicators are brought to the notice of Group members to ensure conformance of the Group members' risk profiles to the Group's strategy. The final project of the Group Risk Appetite, pre-approved by GRC, is subject to approval by the Bank's Executive Board and Supervisory Board. As of July 1, 2014, the Risk Appetite of the Group (Table 2.1) and the Bank (Table 2.2) was approved. Simultaneously with approval of the Group's and Bank's RA9, the quarterly procedure of observance of RA-imposed limitations was implemented. Bank subdivisions responsible for calculation of RA risk metrics calculate risk metrics and, in the event of RA violation, perform analysis of the causes and develop a proposal for a set of measures to eliminate the violations. Measures for elimination of RA violations are reviewed and approved by committees governing the respective dedicated risk groups. Final results of RA monitoring are sent to GRC for approval.

Table 2.1 List of Indicators Comprising Risk Appetite of Sberbank of Russia Banking Group

Indicator

Target credit rating Standard N20.1 Standard N20.2 Standard N20.0 Adequacy of available financial resources (AFR10/EC11) Net profit volatility Net interest income volatility NPL90+ 1-day VaR of the trading book with 99% confidence probability LDR- Relation of the net lending portfolio to the volume of customer funds raised

Table 2.2 List of Indicators Comprising Risk Appetite of Sberbank of Russia

Indicator

Target credit rating AFR/EC adequacy

9 Starting from Q4 2012 10 AFR – available financial resources 11 EC – economic capital 23

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.

Indicator

RWA increase Net profit volatility Net interest income volatility12 EC share of the corporate unit's credit risk EC share of the retail unit's credit risk NPL90+ of the corporate portfolio NPL90+ of the retail portfolio EL of the corporate portfolio EL of the retail portfolio Concentration limit for Top 20 of the group of related borrowers SNL limit, the share of the total volume of the bank's credit claims to a borrower liable to the bank under credit requirements or the group of related borrowers within the Bank's total capital VaR Stop-loss Share of EC risks in ALM Current liquidity ratio N3 Long-term liquidity ratio N4 Relation of the net lending portfolio to the volume of customer funds raised (LDR) Standard N1.1 Standard N1.2 Standard N1.0 Share of operational losses in the Bank's expenses

2.5 Procedure of Stress Test Application at Sberbank of Russia Banking Group for Risk and Capital Management In order to determine the Bank's exposure to the possible influence of external and internal shocks, a routine procedure of stress testing of the Group and the Bank is implemented. Stress is understood to mean the change of macroeconomic factors having a negative impact on the Group's status. Upward or downward stress testing is performed as a part of the group-wide process. Centralized group-wide upward stress testing is understood to mean calculation of parameters of the Group's operations (parameters of credit portfolios, trading and bank books,

12 NII - Net interest income 24

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. liquidity, etc.) in conditions of hypothetical stress, separately for each risk category, with subsequent aggregation. In this way, in the course of group-wide stress testing, the effect of stress significant for the Group as a whole is assessed. Downward stress testing is understood to mean calculation of parameters of the Group's operations in conditions of probable stress. Business plan scenarios can be utilized as downward stress-testing scenarios (as part of aggregation and risk metrics calculation for business planning purposes). Stress testing is conducted based on stress scenarios having the following characteristics:  Plausibility: significant probability of scenario fulfillment must exist within a three-year time horizon. Scenario fulfillment probability undergoes expert evaluation; minimum scenario fulfillment probability – 5%.  Materiality: losses from scenario fulfillment must be material for the Group. The minimum acceptable amount of losses – 0.1% of the Group's first-level capital (as evaluated by an expert).  Simplicity: possibility of scenario formalization using macro-factors. Stress testing is carried out based on historical or hypothetical scenarios:  A historical scenario is a significant event that took place in the past and led to realization of one or several Group risks at a scale materially exceeding estimations of standard probability models.  A hypothetical scenario is the simulation/modeling of a significant event that did not take place in the past but could lead to realization of one or several Group risks at the scale materially exceeding estimations of standard probability models. To determine the list of stress-testing scenarios, a two-stage selection is conducted. The initial selection is performed in relation to new scenarios, i.e. scenarios that have not passed the initial selection before. During initial selection, qualitative ratings of the probability of realization and losses of the Group are used, assigned to new scenarios by their authors. In the course of secondary selection, not more than 5 scenarios shall be selected. If there are more than 5 suitable scenarios, then 5 scenarios with the highest estimates of expected Group losses are shortlisted. The selected scenarios must cover the largest number of material risks of the Group. Scenarios that pass secondary selection are subject to approval by DRMC Director and further testing. Stress-testing results are aggregated based on risk types. As a result of aggregation of upward stress-testing results, three groups of indicators of the Group's performance under stress are generated: • Group's losses under stress (stress losses); • Group's capital adequacy parameters; • Group's performance indicators with regard to risk.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. As a result of aggregation of downward stress-testing, groups of indicators of the Group's performance are generated, including: • risk metrics for the business planning process; • profitability indicators with regard to the risk; • regulatory and economic capital.

Final control of the upward stress-testing process is carried out by GRC. Upon approval of the Consolidated Report, GRC confirms that stress testing has been completed in accordance with the Bank's internal methods, and the report's contents conform to requirements listed in them. Final control of the downward stress-testing process is carried out by the DRMC Director who, upon approval of the Consolidated report, confirms that stress testing has been completed in accordance with the Bank's internal methods, and the report's contents conform to requirements listed therein.

3 RISK AND CAPITAL MANAGEMENT OF SBERBANK OF RUSSIA BANKING GROUP 3.1 Capital structure and capital adequacy of Sberbank of Russia Banking Group

3.1.1 Value and key components of capital of Sberbank of Russia Banking Group The value of regulatory capital under the requirements of Basel III with regard to the Banking Group is calculated in conformity with Directive No. 3090-U of the Bank of Russia and Regulation No. 395-P of the Bank of Russia. Pursuant to Clause 1.4 of Directive No. 3090-U of the Bank of Russia the reporting data of the head credit institution of the banking group and participants of the banking group are included in the calculation of capital adequacy of the banking group based on the following reports: 1) for resident credit institutions, pursuant to individual reports 0409123 "Calculation of the equity (capital) (Basel III)", prepared in accordance with the requirements of Directive No. 2332-U of the Bank of Russia; 2) for resident non-credit institutions pursuant to the reporting data of the forms of accounting (financial) statements established by Resolution No. 66n of the Ministry of Finance dated July 2, 2010; 3) for non-residents based on the statements that are submitted pursuant to the requirements established by the Accounting Policy of Sberbank of Russia Banking Group. The requirements of Basel III establish three levels of capital: basic, principal and general. The main sources of the basic capital of Sberbank of Russia Banking Group are the Share Capital formed of equity stock (RUB 236.77 billion) and retained earnings (RUB 1502.21 billion). Intangible assets and investment in equities of financial companies reduce the basic capital in the amount of (RUB 12.64 billion).

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. Currently, Sberbank of Russia Banking Group does not have at its disposal any sources of additional capital (perpetual subordinated loans or perpetual subordinated bonds). The additional capital of Sberbank of Russia Banking Group is formed at the expense of equity stock from the capitalization of asset revaluation (RUB 59 billion), current year earned surplus (RUB 161.07 billion), increase in value of assets due to revaluation (RUB 81.97 billion), and subordinated loans. The preference shares of Sberbank of Russia Banking Group included in the sources of additional capital do not satisfy the requirements of Basel III as regards preference shares and, for this reason, shall be written off on a phased basis from 2013 pursuant to Clauses 3.1.1 and 8.2 of Regulation No. 395-P of the Bank of Russia. The amount of the preference stock considered in the additional capital of the banking group amounts to RUB 40 million as of July 1, 2014. As of July 1, 2014, the total sum of the subordinated loans granted by Sberbank of Russia Banking Group is RUB 419.628 billion, including the most material: • RUB 300 billion are the subordinated loans of the Bank of Russia granted to Sberbank of Russia pursuant to Federal Law No. 173-FZ "On additional measures aimed at supporting the financial system of the Russian Federation". Subordinated loans were raised in 2010 and do not satisfy the requirements of Basel III (they are subject to exclusion on a phased basis from the calculation of the capital amount from 2018, pursuant to Clauses 3.1.8 and 8.2.1 of Regulation No. 395-P of the Bank of Russia); • USD 2 billion are subordinated bonds issued by Sberbank of Russia in October 2012 that do not satisfy the requirements of Basel III (subject to exclusion on a phased basis from the calculation of capital amount from 2013 pursuant to Clauses 3.1.8 and 8.2.1 of Regulation No. 395-P of the Bank of Russia); • USD 1 billion are subordinated bonds issued by Sberbank of Russia in May 2013 that satisfy the terms of Basel III. The subordinated bonds of Sberbank of Russia in the amount of USD 1 billion contain loss absorption terms. Subordinated credit is written off to income or converted into ordinary shares, if: 1) the ratio of the basic capital of Sberbank of Russia is reduced by 2 percent as of the reporting date, or 2) Deposit Insurance Agency implements measures to prevent the bankruptcy of Sberbank of Russia in accordance with Federal Law "On Additional Measures to Increase the Stability of the Banking System until December 31, 2014" dated October 27, 2008 (with the subsequent amendments and supplements).

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. Table 3.1 Capital structure

Data as of July 1, 2014, Indicator RUB billion

Basic capital, in total 1,669.342 Basic capital, in total 1,669.342 Equity (capital), in total 2,397.500 Data of "Calculation of equity (capital) and values of statutory ratios of the banking group" Reporting Form (form code pursuant to OKUD 0409805) as of July 1, 2014.

3.1.2 Information on the value of risk-weighted assets of Sberbank of Russia Pursuant to Clause 1.4 of Directive No. 3090-U of the Bank of Russia, the reporting data of the head credit institution of the banking group and participants of the banking group are included in calculating the capital adequacy of the banking group based on the following reports: 1) for resident credit institutions, based on individual statements 0409135 "Information on statutory ratios and other indicators concerning the activity of a credit institution" prepared in accordance with the requirements of Directive No. 2332-U of the Bank of Russia; 2) for resident non-credit institutions pursuant to the reporting data of the forms of accounting (financial) statements established by Resolution No. 66n of the Ministry of Finance dated July 2, 2010; 3) for non-residents based on the statements that are submitted pursuant to the requirements established by the Accounting Policy of Sberbank of Russia Banking Group. Value of risk-weighted assets includes credit risk, market risk and operational risk. The procedure for calculating risk-weighted assets of the banking group is set by normative documents of the Bank of Russia: • the general procedure for calculating risk-weighted assets with regard to the banking group is defined in Directive No. 3090-U of the Bank of Russia "On calculating the equity (capital), statutory ratios and open foreign exchange position limits of banking groups"; • the procedure for calculating credit risk is determined in Bank of Russia Guidelines No. 139-I “On statutory ratios for banks”; • the procedure for calculating market risk pursuant to Regulation No. 387 of the Bank of Russia "On the procedure for market risk calculation by credit institutions"; • the procedure for calculating operational risk pursuant to Regulation No. 346-P of the Bank of Russia "On the procedure for operational risk calculation by credit institutions".

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. Table 3.2 Risk-weighted assets

Amount – Total as of Name July 1, 2014 (RUB bln) Amount of risk-weighted assets for 19,995.667 calculating indicator Н1.1 Amount of risk-weighted assets for 19,995.667 calculating indicator Н1.2 Amount of risk-weighted assets for 20,077.222 calculating indicator Н1.0 Data of "Calculation of equity (capital) and values of statutory ratios of the banking group" Reporting Form (form code pursuant to OKUD 0409805) as of July 1, 2014.

3.1.3 Information on actual and normative values of basic capital, core capital, and equity (capital) adequacy ratio of Sberbank of Russia Banking Group Directive No. 3090-U of the Bank of Russia establishes the procedure for calculating standards of capital adequacy for a banking group in accordance with Basel III. The limits for the standards of capital adequacy for a banking group are determined in Clause 3.5 of Directive No. 3090-U of the Bank of Russia: • the standard of basic capital adequacy ratio (Н20.1) – min. 5% (a conversion trigger for perpetual subordinated loans – 5.5% in accordance with the requirements of the Regulation No. 395-P of the Bank of Russia); • the standard of core capital adequacy ratio (Н20.2) – min. 5.5% (since January 1, 2015 – 6%); • the standard of total capital adequacy ratio (Н20.0) – min. 10%. As of July 1, 2014, the standards of capital adequacy of Sberbank of Russia Banking Group estimated pursuant to the requirements of Regulation No. 395-P of the Bank of Russia are performed with a belt-and-braces approach.

Table 3.3 Capital adequacy ratios

Actual value as of July Name Standard short name 1, 2014, % Total capital adequacy Н20.0 11.94 ratio Basic capital adequacy Н20.1 8.35 ratio Core capital adequacy ratio Н20.2 8.35

Data of "Calculation of equity (capital) and values of statutory ratios of the banking group" Reporting Form (form code pursuant to OKUD 0409805) as of July 1, 2014.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. 3.2 Data on significant risks arising in the activities of Sberbank of Russia Banking Group

3.2.1 Credit Risk

3.2.1.1 Credit risk management policy Credit risk means the risk of losses of the Group that are incurred due to the failure to perform, or a delay in performance, or incomplete performance by a counterparty of financial liabilities to the Bank and/or member of the Group under a contract. The above financial liabilities may include a debtor's liabilities for: obtained loans, including interbank loans, bonds, other placed assets, including a request for obtaining (returning) debt securities; shares and bills granted under a loan agreement; discounted bills, bank guarantees, when the funds paid by an entity were not compensated by the principal; transactions in financing against money claim cession (factoring), rights (demands) obtained under a transaction (claim cession); instruments of pledge acquired on the secondary market; transactions of sale (purchase) of financial assets with deferred payment (supply of financial assets); paid letters of credit (including uncovered letters of credit; return of money (assets) under a transaction for the purchase of financial assets with the obligation of their inverse condemnation; claims of the credit institution (lessor) under transactions of financial lease (leasing). Credit risk group includes the following major types of risks:  Credit risk of migration is a risk of losses related to full or partial loss of the value of financial assets (for example, credit, debt securities) due to default or decrease of the contractor’s credit quality (migration); in the context of this kind of risks default is the extreme case of migration.  Risk of concentration (as regards credit risk) is a risk related to:  provision of large loans to a single borrower or groups of related borrowers;  concentration of debts in separate areas of the economy, segments, portfolios or geographic regions, etc.;  concentration of investments in securities within separate areas of geographic regions;  other liabilities making them vulnerable to the same economic factors.  Counterparty risk in financial market operations – the risk relating to the counterparty's unwillingness or inability to perform obligations under the transaction completely or partially. Counterparty risk is a type of mutual exposure under futures deals, which can vary over time in response to market trends or fluctuations in the price of underlying assets. Counterparty risk has two components: – pre-settlement risk, which is the risk of incurring losses due to a counterparty's possible default on a transaction during the effective term of the transaction; – settlement risk, which is the risk of losses due to the counterparty's default after the Bank's or other Group Participant's fulfillment of obligations under the contract or agreement (by providing cash, securities and other assets) on the date of mutual settlements.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.  Residual risk is the risk arising due to the fact that the methods of risk mitigation used by the Bank can fail to produce the desired effect due to implementation in relation to the security, for example legal risk and liquidity risk. In crediting foreign counterparties a national economy risk and13 a transfer risk may arise14. The definition and provision of the risk level necessary to ensure the sustainable development of the Bank and Group participants and as defined by the development strategy of the banking group, as well as macroeconomic parameters, is the purpose of the management of credit risks as a part of the system of integrated risk management of the Group. The tasks of the Group in credit risk management are:  realization of a systematic approach to credit risk management, optimization of the branch, regional and product structure of the Group credit portfolios, to limit the level of credit risk;  the increase of the competitive advantages of the Group through a more precise assessment of adopted risks and realization of measures in credit risk management, including measures ensuring the preservation or reduction of realized credit risks level;  the preservation of stability when expanding the product line of Group participants (implementing more complicated products) as a result of adequate assessment and management of adopted risks, particularly credit risks. The policy realized by the Group in credit risk management is implemented within the scope of the system of integrated risk management. The Group's integrated risk management system is organized pursuant to the principles of integrated risk management, as well as the following principles:  both the Bank's and the Group's use of advanced credit risk management methods and instruments developed based on unified approaches for building the integrated processes of crediting that are standardized to the greatest possible extent in view of client segmentation by risk profile, and minimizing the number of process participants through the centralization and automation of processes;  objectivity, specificity, and accuracy of credit risk evaluation, use of accurate actual and statistical information;  integration of the credit risk management process with the organizational structure of the Bank and the Group members;  using the unified rules of distribution and division of powers on credit risk management based on a combination of centralized and decentralized approaches for all the Group's members;  independence of subdivisions performing evaluation and control of credit risks from subdivisions initiating transactions with credit risks, including:

13 Risk of national economies is a loss risk concerning the inability or unwillingness of a sovereign counterparty of a specific country, and the impossibility of other counterparties of this country to satisfy their obligations in national currency for reasons that differ from standard risks (for reasons that depend on the government of the country, not the counterparty). 14 Transfer risk is a risk of losses because of the inability of the counterparties of a specific country (except sovereign counterparties) to satisfy their obligations in a currency that differs from the currency of the counterparty's country, for reasons other than standard risks (for reasons that depend on the government of the country, not the counterparty). 31

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.  the obligation to fix methodologies, rules and processes of risk assessment in IRD of the Bank and Group participants;  the system of credit risk management of the Group satisfies the requirements of the Bank of Russia/Banking regulator (for credit institutions participating in the Group and operating outside the Russian Federation) and the requirements of Russian laws and/or the laws of countries where the Group participants operate;  control and limitation of risks, as well as control of the Bank's expected losses due to default of a borrower/group of related borrowers are performed by means of the Bank's system of limits. The Bank and participants of the Group apply the following primary methods of credit risk management:  preventing credit risk by identification, analysis and evaluation of potential risks at the stage preceding operations exposed to credit risk;  implementation of unified processes of risk evaluation and identification;  planning of the credit risk level by evaluating the level of expected losses;  limiting the credit risk by setting the limits and/or limiting the risk;  structuring of transactions;  transaction collateral management;  using the system of powers for decision-making;  covering (reducing the level) of credit risk by accumulating adequate provisions;  monitoring and controlling the level of credit risk. The risk control and limitation, as well as control of the expected losses of the Bank and Group participants as a consequence of the default of the Borrower/group of related Borrowers are performed with the help of the system of limits that functions for each business line. The scope of the established limit is determined by the level of the Borrower's risk that is estimated based on the valuation of the financial and non-financial (quality) status of this Borrower. The indicators of market and outside influence, characteristics of management quality, assessment of business standing and other factors are used as non-financial factors. As part of corporate credit risks, in order to manage the credit risk, a multi-level system of limits was developed. It is used to limit the risk of lending operations and operations in the financial markets. The SNL limit (Single Name Limit) or "individual limit", which enables control over the expected losses of the Bank and the Group members as a result of default of the Borrower/group of related Borrowers, is top-level for both the system of credit risk limits as regards lending operations and the system of credit risk limits for operations in the financial markets. Country risk limits are separately identified. Their purpose is to restrict and manage risks assumed by the Group in respect of individual countries. Country risk limits are structural risk limits that restrict the geographical concentration of the Group's risks (other than risks in the Russian Federation) and do not restrict the risks of transactions with individual counterparties. The task of the Group members in the management of country risk limits is to comply with the requirements and restrictions set at the Group level.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. The Group pays close attention to control of concentration of major credit risks and compliance with the prudential requirements of the regulating authority, analysis and forecast of the level of credit risks. The following methods are used:  a distributed mechanism of the Borrowers’ legal and economic connection criteria identification and further centralized maintenance of a unified list of the related borrowers’ groups;  controlling the provision of large loans to single Borrowers or groups of related Borrowers;  identifying groups of Borrowers in terms of their industry, country and geographical (regional) affiliation.

The Group has a multidimensional system of authorities allowing the determination of the level of decision-making for every credit application. In particular, a risk profile determining powers for decision-making, depending on the risk category of the application is assigned to each regional subdivision of the Bank. In turn, the application risk category depends on the Borrower risk (determined by the Borrower's rating), the aggregate limit for the Borrower/ consolidated group/ group of related Borrowers and the transaction risk (to be determined by the availability of non-standard transaction conditions and LGD). Therefore, the existing systems of limits and powers allow the optimization of the credit process and duly manage the credit risk. The policies and procedures of the organization and functioning of the credit risk management of the operations in the financial markets (OFM) in the Group on an aggregate basis, the key processes, the powers of the major collegial bodies and departments of the Bank in terms of credit risk management of the operations in the financial markets are regulated by the internal regulatory documents. The credit risks of the counterparty in the operations in financial markets are managed under a single Group-wide limit system. The counterparty’s credit risk limit system is two-level (the total counterparty limit and the portfolio limits by groups of operations).

As regards retail credit risks, the set limits are based on the borrower’s risk assessment and are grouped as follows:

 structural limits (this group includes the following types of limits: the credit limit under the scheme, the limit of the corporate client surety, the limit on the product/group of approved products);  authority limits (divided into two subgroups: the limits of the powers of a collegial body and personal limits);  risk concentration limits in terms of the amount of the loan products provided to the Borrower (this group includes the limit on the Borrower’s credit exposure);  limits for the credit unit 15 (this group includes the limit of the accepted application amount).

15 Limits by clients for the corporate customers, small business and retail do not apply to the Group. 33

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. 3.2.1.2 Structure and organization of the work of divisions and collegial bodies charged with credit risk management Credit risk management is performed by the Bank’s management bodies and collective executive bodies. Supervisory Board of the Bank: • approves credit risk-bearing major transactions, credit risk-bearing non-arm’s-length transactions, and credit risk-bearing related-party transactions, in cases and in the manner as stipulated under applicable laws. The Bank’s Management Board, within its competence: • determines the Group's credit risk management policy, creates conditions for its effective implementation, organizes the risk management process within the Group, designates the units responsible for credit risk management; • determines the ways of pursuing the Group's priority areas of operations subject to the level of the credit risks assumed by the Group; • approves the regulations on the Committees; • approves the proposed transactions with the Bank-related entity, if the amount of such transaction is at least 3% of the Bank's equity.

The committees engaged in the implementation of policies in credit risk management. The Group Risk Committee of Sberbank of Russia: • manages credit risks of the Group within the powers, requirements and restrictions approved by decisions of the Bank’s Board; among other things, approves and submits for approval to the Bank’s Board the policies on credit risk management (at the Group or separate Group member level). The Credit and Investment Committee of Sberbank of Russia:  approves requirements for the content and form of the Group members’ internal regulatory documents on credit risks, approves the Bank’s internal regulatory documents in the area of responsibility of Sberbank’s Credit and Investment Committee, and approves the schemes of the Bank’s credit risk transactions with corporate and retail clients;  makes decisions on applications to amend the terms of Transactions with corporate and retail clients and/or the setting/closing of exposure limits for the Group members within the limits set by Sberbank’s Group Risk Committee;  approves and closes the set credit risk limits (except for setting/closing the credit risk limits for financial institutions);  makes decisions on loans and other debts made by the departments of the Bank's Central Office, as well as on Transactions exceeding the powers of the subordinate committees of the Bank in accordance with the regulations of the Bank of Russia and the Bank’s internal regulatory documents on provisioning;

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.  approves the procedures for monitoring the Bank's loans, dealing with potentially bad and bad debts for the Transactions exceeding the powers of the subordinate committees;  determines the list of transactions for the subordinate committees (Sberbank’s Committee on cross-border transactions, Sberbank’s Committee on bad assets, Sberbank’s Committee on retail lending, Sberbank’s Committee on corporate business, Sberbank’s Committee on retail business, as well as the collective bodies of the Bank’s regional offices (regional banks, main branches, branches, and internal structural divisions) that make decisions on transactions with Counterparties within their powers) exercising certain credit risk management functions within the requirements set by Sberbank’s Credit and Investment Provision Committee;  approves the authority of the subordinate committees;  approves the authority of the underwriters. The Trading Risk Committee of Sberbank of Russia In terms of the counterparty credit risk management for operations in the financial markets:  approves the types of credit risk limits;  sets the credit risk limits for financial institutions;  sets the credit risk limits and restrictions for individual transactions and positions arising from operations in the financial markets in terms of the departments, portfolios and sub-portfolios;16  approves the decision-making levels and escalation levels for credit risk limit violations, delegates the authority as for the said limits and restrictions (or types of limits and restrictions);  approves the procedures and terms for the approval of overlimits (violations of restrictions), and mechanisms for informing the Trading Risk Committee of such overlimits and violations, depending on their amount;  takes note of reports on the credit risk limit use and violation; adopts, if necessary, decisions on the approval of the overlimit or on harmonization of the positions exposed to market or credit risk with the limits and restrictions;  approves the architecture of credit risk limits, the procedure for setting and monitoring the limits and restrictions, and methodology for assessing these risks;  approves the security control procedure for operations in the financial markets;  approves the types of financial instruments to hedge credit risks.

Operating units of Group credit risk analysis and assessment The Risks Department in the Bank is organized based on the principle of assigning control and methodological functions (Risk control) to different departments — the development of models and methodologies for credit risk assessment — and the executive part (Risk taking)

16 When an operation in the financial markets is considered in conjunction with a credit transaction, Sberbank’s Credit and Investment Provision Committee may approve the credit risk limits for this operation. In this case, the limits must be pre-agreed with the Risk Methodology and Control Department. 35

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. — ratings and approval of loans, as well as the allocation of a separate unit responsible for the validation of models, processes and systems. The Risk Methodology and Control Department is a unit engaged in Group credit risk management. The control and methodological functions performed by divisions of the Risk Methodology and Control Department and the Validation Department are as follows: . methodology of Group credit risk management; . methodology of business line credit risk management: o corporate risks; o retail risks and SMEs; o operational risks; o market risks (in terms of counterparty risk on transactions in the financial markets); . methodology of provisions; . development of tools and risk models; . risk insurance; . risk reports; . project activities on implementation of Basel II, III; . validation. The executive part is carried out by the Risks Department divisions: . planning and monitoring of efficiency; . business line underwriting: the underwriting division provides an independent examination of credit risks and makes decisions on credit transactions considered under the CF technology within the competence delegated in accordance with the Bank’s internal regulatory documents: o underwriting of individuals; o micro underwriting; o SME underwriting; o corporate underwriting; . market risk assessment (CIB). The control procedures developed by the units responsible for the control and methodological part are delivered to the units responsible for the executive part in the form of the IRD and administrative documents. In turn, the units responsible for the executive part, submit the reports for analysis to the units responsible for the control and methodological part. Moreover, the Risk Methodology and Control Department is engaged in developing training materials intended to be studied by the credit process participants (front line officers, 36

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. underwriters). It also holds workshops aimed at explaining the peculiarities of using the developed approaches in the lending process. The training activities are held for the new employees and according to the amendments in the applied approaches. Internal Audit Service The internal audit service is engaged in verification of the completeness of the application and effectiveness of the bank risk assessment methodology adopted by the Bank and of the banking risk management procedures (methods, programs, rules and procedures of the banking operations and transactions, and banking risk management).

Organizational structure of credit risk management within Group members17 Risk management at all credit risk-bearing subsidiary banks and affiliates of the Group is in conformity with the standards adopted by the Group and has the following standard structure: • Credit risk analysis and assessment units of the Group members: o the unit providing support (including methodological) of the credit risk analysis and assessment procedures at the level of the Group member; o the unit engaged in credit risk analysis and assessment of a Group member (corporate credit risk of a Group member, retail credit risk of a Group member). • In addition, the model structure provides that the following are subordinate to the Head of the Credit Risk Analysis and Assessment Unit of a Group member (other than the Bank): o the unit engaged in underwriting (an independent examination of the credit risks on credit transactions); o the risk methodology and control department of a Group member, which, in turn, may be represented by the following units:  the units providing credit risk analysis and assessment for the full range of risks on the basis of information provided by other risk analysis and assessment units of a Group member;  units engaged in credit risk analysis and assessment of a Group member (corporate credit risk, retail credit risk). Some Group members differ in the standard structure of risk management by lacking a separate business unit engaged in credit risk analysis and assessment. Independent risk assessment is made at the centralized units, with additional confirmation at the local level, in accordance with the requirements of the local regulator. Structure and activity management of DENIZBANK units and collective bodies Credit risk management is performed by DENIZBANK’s management bodies and the Bank’s collective executive bodies:

17 The structure and activity management of the units and collective bodies of DENIZBANK as a major Group member is set out below. 37

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. The Board of Directors of DENIZBANK: • approves credit risk-bearing major transactions, credit risk-bearing non-arm’s-length transactions, and credit risk-bearing related-party transactions, in cases and in the manner required by applicable laws; • determines the credit risk management policy of DENIZBANK, creates conditions for its effective implementation, organizes the risk management process within DENIZBANK, determines the subdivisions responsible for credit risk management; • determines the for implementing DENIZBANK’s priority areas of operations subject to the level of the credit risks assumed by DENIZBANK; • approves the regulations on the Committees. The Loans Committee of DENIZBANK: • approves and closes the set credit risk limits; • makes decisions on applications for making amendments to the terms of Transactions and/or the setting/closing of exposure limits within the limits set by the Loans Committee of Sberbank; • determines the list of transactions for the subordinate committees exercising certain credit risk management functions within the requirements set by the Loans Committee of DENIZBANK; • makes decisions on the transactions made by the units of the Bank’s Central Office, and on the transactions exceeding the powers of the subordinate committees of DENIZBANK. The Underwriting Committee of DENIZBANK The Underwriting Committee makes decisions on applications for making amendments to the terms of Transactions and/or the setting/closing of exposure limits within the limits set by the Loans Committee of DENIZBANK. Operating units for credit risk analysis and assessment of DENIZBANK The Risks Department in DENIZBANK is organized on the basis of assigning the control and methodological functions (Risk control) to different departments — the development of models and methodologies for credit risk assessment — and the executive part (Risk taking) — ratings and approval of loans. The control and methodological functions for corporate and retail clients are performed by the Lending Methodology Department and the Retail and Small Business Department:  methodology of business line credit risk management: o corporate risks; o retail risks and SMEs; o market risks (in terms of counterparty risk on transactions in the financial markets);  development of tools and risk models;

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.  risk reports. The executive part is carried out by the business line underwriting. The underwriting division provides an independent examination of credit risks and makes decisions on credit transactions considered within the competence delegated in accordance with the IRD of DENIZBANK: . underwriting of individuals; . micro underwriting; . corporate underwriting; . underwriting of operations in the financial markets. Moreover, the Risks Department of DENIZBANK is engaged in developing training materials intended to be studied by the credit process participants (front line officers, underwriters). It also holds workshops aimed at explaining the peculiarities of using the developed approaches in the lending process. DENIZBANK Internal Control Service The Service verifies the completeness of the application and effectiveness of the bank risk assessment methodology adopted by DENIZBANK and of the banking risk management procedures (methods, programs, rules and procedures of the banking operations and transactions, and banking risk management).

3.2.1.3 Credit risk assessment methodology Credit risk is evaluated for the Group in general and in terms of different portfolios of assets exposed to credit risk, and also in terms of individual credit risks of specific counterparties and groups of counterparties, countries, geographical regions, branches of economy/types of economic activities. The Group uses a system of internal ratings based on economic and mathematical models of evaluating the probability of default by counterparties and transactions. Evaluation of credit risks of the Group’s counterparties for transactions that carry the credit risks is made depending on types of counterparties:  corporate customers, credit institutions, financial companies, small business entities, countries, constituent entities of the Russian Federation, municipal entities, insurance and leasing companies – on the basis of the credit ratings system, and also by building models of predicted cash flow or other important indicators;  individuals and micro business entities based on evaluation of paying capacity of counterparties in accordance with the Group’s internal regulatory documents and express evaluation. The system of credit ratings ensures a differentiated evaluation of probability of failure to perform/improper performance by counterparties of their obligations. The evaluation is performed based on analysis of quantitative (financial) and qualitative factors of credit risks, the level of their impact on the counterparty’s capacity to perform and discharge the undertaken obligations. The Group’s internal regulatory documents provide for an evaluation of the comprehensive range of factors, the list of which is standardized depending on the types of 39

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. counterparties. Mandatory evaluation shall apply to risk factors related to the counterparty’s financial state, ownership structure, business reputation, credit history, system of cash flow and financial risk management, information transparency, the customer's position in the area and in the region, availability of support on behalf of state authorities and parent companies, a group of which the Borrower is a member. Taking into account the analysis of the said risk factors, the counterparty’s/transaction default probability is evaluated, and they are further classified by ratings. A. As related to measurement of the contracotr's risk with respect to OTC derivatives The Bank/Group will suffer economic losses if the transaction or a portfolio of transactions with the counterparty has a positive economic cost for the Bank at the time of the contractor's default. Evaluation of the contractor risk is an important component of credit risk management on the financial market. The following risk metrics are used as a part of the contractor risk management:  Credit Valuation Adjustment (CVA) considering the impact of the contractor's credit risk on the fair value of OTC derivatives;  standard regulatory capital adequacy with respect to the contractor's credit risk Standard regulatory capital adequacy with respect to the contractor's credit risk is evaluated in accordance with the current exposure method. This method provides for compliance with the requirements of the Bank of Russia and provides for a netting and application of a complex collateral appraisal method. The method evaluates exposure to risk as an amount of the current fair value and potential future risk exposure, excluding collateral value adjusted allowing for its volatility. The current risk exposure approach is fully described in the instructions of the Bank of Russia and recorded in the Bank's internal documents. B. As regards measuring retail credit risk Beginning from 2012, in order to calculate economic capital, a set of behavioral models of the main risk components (PD, LGD, EAD) of the retail portfolio was developed in the Bank. To make a decision on granting a credit application PD models are used in the Bank, but using other statistical arrays in depth, which may sometimes lead to a different set of factors in models and various calibration levels. Data of the Scoring Mart based on SAS platform are used to calculate risk metrics. Completeness and coordination of the data is controlled automatically at the time of uploading. Risk metrics is updated on a quarterly basis. All models (application and behavioral) undergo mandatory annual validation. In the event of successful validation the model remains unchanged and all documents related to the model approved by CRO order also remain unchanged. If the result is negative, the validation model shall be reprocessed completely or updated in part, depending on the recommendation of the validation department, and documentation related to these works shall be approved again by CRO order. All documentation related to the development and maintenance of any types of models is confidential.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. Economic capital shall be calculated on a quarterly basis. For that purpose, in particular, risk metrics (PD, LGD, EAD) are recalculated for all existing retail customers of the Bank based on the current and approved behavioral models. Application of risk metrics in the Bank's internal processes: • individual possibility of PD default is calculated based on the application model at the time of making a decision on granting a loan; • in the Risk based pricing (RBP) model with regard to the consumer loans, PD is used; LGD and EAD are taken as constants for this portfolio; • behavioral models are used in Business Planning and to calculate regulatory and economic capital; • retail risk metrics, such as NPL90+ and EL are included in the bank's risk appetite; • PD, LGD, are EAD metrics are input values of the CPM model, thus they participate in calculation of the credit risk economic capital, which is a credit portfolio management tool serving as a basis to establish limits to focus on the sector and products. Exposure at Default Cost model (EAD) To develop EAD models, retail credit portfolio is segmented into four criteria: 1. Credit granting technology. Loans issued to individuals are (were) granted based on two technologies: centralized technology (credit factory, CF) and decentralized technology (NCF). 2. Credit product. 3. Current delay. 4. Utilization level. Portfolio segmentation in view of factors (3) and (4) appears as follows:

Availability of the current delay

Less than 8 days 8 days and more

Utilization <95% 1 3 level ≥95% 2 4

The EAD calculation process contains 3 stages: 1. Calculation of the transformation ratio with regard to which the amount of current debt to calculate EAD is adjusted: • generation of a long list of factors; • performing single-factor analysis: o evaluation of the discriminating power of factors; o analysis of correlations and selection of factors for a short list; • performing multi-factor analysis. 41

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. 2. Calculation of value of the expected EAD for every transaction: • for non-revolving products (mortgage, car loan, consumer loan, micro loan) and revolving products (credit cards) with a utilization level 95% or more, the amount of expected EAD is calculated as current debt multiplied by the transformation ratio; • for revolving products with utilization level less than 95% the amount of the expected EAD is equal to the amount of the current debt multiplied by the transformation ratio between the limit and amount of the current debt. 3. Model calibration. After the expected value of the amount is calculated under the risk, the obtained value is calibrated on the general block of data to the actually observed value of EAD.

The Bank and the Group apply a unified rating scale consisting of 26 rating levels. Every level of the rating scale has ranges of matching default probability values, and average values for such ranges are defined. Such rating scale and default probability are used for the following purposes:  to compare and differentiate Contractors subject to the credit risk level;  to compare different Contractors' segments in terms of the credit risk level;  to prepare reports on the risks;  to determine the size of provision for possible losses/bad debts;  to form prices taking into account valuation of credit risk losses;  to assess the level of expected and contingent loss;  to calculate economic capital. The rating scale is applied as a whole to the loan portfolio and is contingently comparable with the ratings given by the rating agencies (S&P, Moody’s, Fitch).

Important credit risk indexes are the category of the loan quality and value of the generated provision for possible bad debts. To define general principles of classifying loans in order to generate a provision, to qualify loans as bad debts for collecting and writing them off by means of a provision for possible bad debts, to define financial status of Borrowers, category of the loan quality, to evaluate collateral, and the procedure for calculating the provision, the corresponding methodological documents were approved by the Bank. The procedure for qualifying loans in accordance with the quality category, depending on the following classification: • The Bank selects portfolios of similar loans. The portfolio of similar loans includes loans with similar credit risk characteristics. The loans grouped in a portfolio of similar loans shall include loans that are extended to individuals and small businesses on standard terms

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. and conditions, as specified by the Bank's normative documents, and also as part of individual lending arrangements, approved by separate decisions of collegial bodies of the Bank.

Category of quality and size of the provision for loans qualified as a portfolio of similar loans shall be defined based on the following: - analysis of statistical data for a minimum period of three years, reflecting the actual level of the Bank's losses; - adjustments of the credit risk level depending on the portfolio structure.

In order to provide due adequacy of credit risk level evaluation procedures and to determine the amount of provisions for possible bad debts, as well as to decrease labor costs when classifying extended loans, the provision related to the portfolio of similar loans shall be generated based on professional judgment with regard to the portfolio of similar loans. The composition of the portfolio of similar loans shall be approved/updated pursuant to a Directive. Standard payments to generate the provision for the portfolio of similar loans shall be approved pursuant to a Directive on quality category and size of payments for the provision for the portfolio of similar loans at least once per quarter. The Bank shall not conduct monitoring of credit risk factors separately for each of the loans included in the portfolio of similar loans. Such loans shall be reevaluated only if documents or information about a substantial change of factors affecting the affiliation of the loan to a portfolio/specific subportfolio are received by the Bank. • Loans not included in portfolios of similar loans or withdrawn from them shall be classified individually. To evaluate such a category of loans, comprehensive analysis of factors is used, which contains the following elements: - evaluation of the borrower's financial state; - evaluation of the quality of loan debt service; - revealing other important factors affecting the loan classification as well as analysis of the effect of classification of the other Borrower's loans on the established quality category; - revealing the possibility and practicability of qualifying the loan under a higher quality category; - calculation of the amount of collateral affecting the size of the generated provision.

Evaluation of the loan classified individually and determination of the size of a calculated provision shall be performed based on a professional judgment with respect to the particular loan. In order to ensure the timely nature of the classification (reclassification) of loans and the formation (or adjustment of the size) of the provision, monitoring of credit risk factors that influence the size of the formed provision shall be regularly performed for individual loans. • For loans evaluated individually provision shall be generated based on a professional judgment on the credit risk level. Revaluation shall be performed quarterly or more frequently, if credit risk factors are revealed. A documented professional judgment shall be kept in the credit file.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. • For loans of borrowers who are residents of offshore jurisdictions an additional/special provision shall be generated. Approach to generation of provisions for operations with residents of offshore jurisdictions shall be regulated by the corresponding IRD.

3.2.1.4 Credit risk monitoring Monitoring of the corporate credit risk and financial markets transaction risk The system of control and monitoring of the Group credit risks level is implemented based on principles ensuring preliminary, current, and follow-up control of operations, compliance with the established risk limits and their timely update, which is enshrined in internal regulations. The Bank conducts daily monitoring of major default risks and projection of compliance with the requirements imposed by the Bank of Russia for the standards18 N6 (maximum exposure per Borrower or group of affiliated Borrowers) and N7 (limit on major default risks). Retail credit risk monitoring Monitoring of retail credit risk shall be performed by controlling retail loan portfolio quality factors and quality factors of the implementation of monitoring procedures and retail loan portfolio quality management. In order to implement monitoring and retail loan portfolio quality management, four quality factors of the retail loan portfolio are used: level of overdue amount of the first loan payment, level of overdue amount of the second loan payment, level of final losses and overdue amount collection efficiency ratio. Monitoring (calculation of retail loan portfolio quality factors) shall be performed: • on a quarterly basis: for regional divisions, if retail loan portfolio generated by them is referred to the Green Quality Zone according to the results of monitoring for the previous period analyzed; • on a monthly basis: for regional divisions, if the retail loan portfolio they have drawn up is referred to the Red or Yellow Quality Zone according to the results of monitoring for the previous analyzed period. A decision concerning loan portfolio quality shall be taken based on aggregation of all quality factors in accordance with the approved methodology. Based on the results of the analysis, a Report with an executive summary on the state of the Bank's loan portfolio attached shall be drawn up. Reports on credit risk shall be drawn up on a regular basis on the Group participant level and consolidated in view of the products, client segments and regional divisions. Internal reporting reflects basic portfolio quality factors: level of overdue amount during different periods, including NPL90+, collection efficiency, PD, LGD and others.

18 Bank of Russia Guidelines of December 3, 2012, No. 139-I “On statutory requirements for banks” (as revised October 25, 2013). 44

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. In order to inform management and collegial bodies involved in the risk management processes, a system of reports structured in accordance with the following principles is applied: • methods of report preparation are mostly focused on active decision-making (i.e. prospect-oriented), not on a statement of facts after the events have occurred; • reports contain data that can be compared in all business units, which allows consideration of all risk positions jointly in the financial institution as a whole with the requisite level of detailing; • reports on the most important matters of credit risk management shall be drawn up regularly on a monthly basis; other reports shall be issued on a regular basis as well, but less frequently: - quarterly report: overall review of accepted risks as compared to Risk Appetite and cascading limits containing, inter alia, the current risks profile, forecasts and results of stress analysis, concentration risks and actual risks, activity monitoring, etc.; - other reports, including reports on the results of the risk identification and evaluation process, reports on economic capital adequacy, reports on regulatory capital adequacy under Basel II, reports on earnings at risk (EaR), and reports on stress analysis results.

3.2.1.5 Analysis of exposure to credit risk

Table 3.4 Assets of the banking group of Sberbank of Russia, provisions for which are made individually А) as of July 1, 201419

Quality categories, RUB'000 Amount of Asset composition claims, RUB'000 1 2 3 4 5

Claims to lending institutions 1,151,317,388 1,142,908,884 3,099,732 4,309,360 348,029 651,383

Claims to legal entities other than 10,034,558,263 6,479,424,656 2,273,731,973 748,378,827 164,940,217 368,082,590 lending institutions Loans (credits) granted to individuals and other claims to individuals, total, 189,317,138 105,347,960 47,912,738 5,496,753 6,880,591 23,679,096 including

residential loans other than 93,403,834 51,545,388 31,468,211 2,228,467 3,477,343 4,684,425 mortgage loans mortgage loans 15,386,803 5,246,060 1,613,284 1,045,710 413,663 7,068,086 car loans 1,578,854 1,012,354 259,083 34,242 15,618 257,557 other consumer loans 69,831,215 46,235,911 14,460,849 2,086,822 2,773,198 4,274,435 other assets 8,935,367 1,269,093 96,533 68,915 193,325 7,307,501 interest income claims 181,065 39,154 14,778 32,597 7,444 87,092

Assets assessed for creating 11,375,192,789 7,727,681,500 2,324,744,443 758,184,940 172,168,837 392,413,069 provisions for possible losses, total

19 Data from the reporting form "Information of the assets quality of assets of a lending institution (banking group)" (OKUD form code 0409115) as of July 1, 2014. Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.

B) as of January 1,.2014

Quality categories, RUB'000 Amount of Asset composition claims, RUB'000 1 2 3 4 5

Claims to lending institutions 884,616,999 878,190,089 4,066,812 1,778,147 180,324 401,627

Claims to legal entities other than 8,470,424,229 5,497,571,380 1,849,450,499 644,704,409 151,708,479 326,989,462 lending institutions Loans (credits) granted to individuals and other claims to individuals, total, 24,088,857 2,296,234 366,720 1,578,771 402,672 19,444,460 including

residential loans other than 7,716,209 164,901 15,862 363,046 16,928 7,155,472 mortgage loans mortgage loans 7,451,023 1,630,019 311,153 1,009,531 295,714 4,204,606 car loans 175,958 1,309 93 14,369 8,628 151,559 other consumer loans 2,339,438 399,497 13,302 163,082 77,446 1,686,111 other assets 6,252,388 90,513 - - - 6,161,875 interest income claims 115,648 9,609 3,914 28,743 3,946 69,436

Assets assessed for creating 9,379,130,085 6,378,057,703 1,853,884,031 648,061,327 152,291,475 346,835,549 provisions for possible losses, total

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.

Table 3.5 Provisions for possible losses on assets of the banking group of Sberbank of Russia, provisions for which are made individually А) as of July 1, 201420

Provisions for possible losses, RUB'000 Amount of Asset composition based on Actually formed provision by quality categories claims, RUB'000 estimated collateral 1 2 3 4 5 Claims to lending institutions 1,151,317,388 1,945,794 699,626 1,936,322 65,511 1,037,661 177,494 651,383 Claims to legal entities other 10,034,558,263 709,682,133 536,755,536 544,541,178 36,695,088 100,904,688 72,822,229 333,397,515 than lending institutions Loans (credits) granted to individuals and other claims 189,317,138 30,747,054 30,562,095 30,659,715 405,860 1,771,926 4,831,217 23,604,753 to individuals, total, including residential loans other 93,403,834 7,941,000 7,922,207 7,922,207 153,795 777,792 2,305,676 4,669,288 than mortgage loans mortgage loans 15,386,803 7,652,283 7,512,125 7,512,125 11,200 252,379 221,274 7,027,221 car loans 1,578,854 281,177 273,028 273,028 873 12,098 8,895 249,452 other consumer loans 69,831,215 7,350,054 7,332,310 7,332,310 235,155 691,931 2,111,426 4,265,259 other assets 8,935,367 7,522,540 7,522,425 7,522,425 4,538 30,224 180,159 7,307,501 interest income claims 181,065 X X 97,620 299 7,502 3,787 86,032 Assets assessed for creating provisions for possible 11,375,192,789 742,374,981 568,017,257 577,137,215 37,166,459 103,714,275 77,830,940 357,653,651 losses, total

20 Data from the reporting form "Information of the assets quality of assets of a lending institution (banking group)" (OKUD form code 0409115) as of July 1, 2014. 48

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.

B) as of January 1, 2014

Provisions for possible losses, RUB'000 Amount of Asset composition based on Actually formed provision by quality categories claims, RUB'000 estimated collateral 1 2 3 4 5 Claims to lending institutions 884,616,999 1,105,149 39,172 - 53,038 512,803 91,969 523,914 Claims to legal entities other 8,470,424,229 627,371,088 462,176,900 91,561 28,749,242 82,568,632 58,847,358 299,489,673 than lending institutions Loans (credits) granted to individuals and other claims 24,088,857 20,131,325 19,975,488 327 4,324 393,131 192,915 19,397,092 to individuals, total, including residential loans other 7,716,209 7,297,195 7,292,705 x 157 128,443 8,633 7,155,472 than mortgage loans mortgage loans 7,451,023 4,649,003 4,512,247 x 2,895 208,546 140,752 4,160,044 car loans 175,958 159,717 154,123 x 1 3,597 4,298 146,172 other consumer loans 2,339,438 1,776,415 1,769,342 x 863 45,665 37,036 1,685,778 other assets 6,252,388 6,154,138 6,154,138 x - - - 6,166,177 interest income claims 115,648 79,117 77,193 x 77 6,880 2,188 68,048 Assets assessed for creating provisions for possible 9,379,130,085 648,607,562 482,191,560 91,888 28,806,604 83,474,566 59,132,242 319,410,679 losses, total

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.

Table 3.6 Assets of the banking group of Sberbank of Russia exposed to the credit risk, provisions for which are made on the portfolio basis

July 1, 201421 January 1, 201422 Provision for Provision for Amount of claims, Amount of claims, possible losses possible losses RUB'000 RUB'000 created, RUB'000 created, RUB'000 Indebtedness under loans granted to individuals 3,315,470,311 105,719,039 grouped by portfolios of similar loans, total, 3,675,732,320 138,953,710 including:

Indebtedness under loans grouped by portfolios of X X X X similar loans, classified by quality categories: II quality category loans portfolio 3,526,219,534 36,750,453 3,205,004,360 33,279,630 III quality category loans portfolio 17,480,010 1,116,515 21,198,155 1,271,391 IV quality category loans portfolio 26,955,025 8,731,999 14,195,247 4,818,108 V quality category loans portfolio 105,077,751 92,354,743 75,072,549 66,349,910

Indebtedness under similar claims of individuals 2,134,900 860,788 2,560,193 880,026 grouped by portfolios, classified by quality categories: I quality category claims portfolio - X 0 0 II quality category claims portfolio - - 1,755,185 44,084 III quality category claims portfolio 1,320,185 46,073 0 0 IV quality category claims portfolio - - 0 0 V quality category claims portfolio 814,715 814,715 805,008 835,942

21 Data from the reporting form "Information of the assets quality of assets of a lending institution (banking group)" (OKUD form code 0409115) regarding assets of Sberbank of Russia as of July 1, 2014. 22 Data from the reporting form "Information of the assets quality of assets of a lending institution (banking group)" (OKUD form code 0409115) regarding assets of Sberbank of Russia as of January 1, 2014 adjusted considering events after the reporting date. 50

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.

July 1, 2014 January 1, 2014 Provision for Provision for Amount of claims, Amount of claims, possible losses possible losses RUB'000 RUB'000 created, RUB'000 created, RUB'000 Indebtedness under loans granted to SMEs grouped by portfolios of similar loans, classified by 430,581,774 21,057,474 388,635,296 13,267,147 quality categories: II quality category loans portfolio 401,566,175 4,015,668 373,266,183 3,732,888 III quality category loans portfolio 6,145,573 965,192 2,335,379 365,312 IV quality category loans portfolio 6,666,334 1,981,775 3,686,329 1,029,557 V quality category loans portfolio 16,203,692 14,094,839 9,347,405 8,139,390

July 1, 2014 January 1, 2014 Provision for Provision for Amount of claims, Amount of claims, possible losses possible losses RUB'000 RUB'000 created, RUB'000 created, RUB'000 Indebtedness under similar claims of legal entities grouped by portfolios, total, 7,970,174 2,247,297 7,158,829 1,784,950 including: I quality category claims portfolio - X - - II quality category claims portfolio - - 5,516,382 142,503 III quality category claims portfolio 5,929,829 206,952 - - IV quality category claims portfolio - - - - V quality category claims portfolio 2,040,345 2,040,345 1,642,447 1,642,447

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.

Table 3.7 Assets of the banking group of Sberbank of Russia exposed to the credit risk, segmented by economic sectors23

Loans before deduction of provision for Segment impairment, RUB bln As of July 1, 2014 As of January 1, 2014

Individuals 4,169.2 3,748.0

Services 2,581.7 2,445.3

Trade 1,544.8 1,366.2

Food industry and agriculture 925.8 900.6

Federal and municipal government offices 648.4 672.9

Machine building 716.5 658.7

Power industry 779.6 644.9

Telecommunications 585.3 560.1

Construction 558.5 492.6

Metallurgy 526.7 459.6

Transport, aviation and space industry 498.4 448.3

Chemical industry 400.7 386.9

Oil and gas industry 284.8 208.3

Woodworking industry 76.9 76.1

Other 533.8 475.5

Total 14,831.1 13,544.0

23 As per the data of the interim condensed consolidated financial statements of Sberbank of Russia in accordance with the IFRS – June 30, 2014. 52

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. Table 3.8 Assets of the banking group of Sberbank of Russia exposed to the credit risk, segmented by geographic regions24

Assets exposed to the credit risk, RUB'000* Region as of July 1, 2014 as of January 1, 2014 Russian Federation 15,658,900,725 14,286,987,275 CIS countries 405,788,935 420,052,791 Other countries 1,952,787,157 1,710,885,024 * Assets taken into the account:  funds in lending institutions;  financial assets assessed at their fair value through profit or loss;  derivative financial instruments intended for trading;  financial assets assessed at their fair value through profit or loss transferred without derecognition;  credits (loans) and receivables;  financial assets available for sale.

Table 3.9 Allocation of loans and advances to clients of the banking group of Sberbank of Russia depending on the terms to maturity25

As of the reporting date, RUB bln

December 31, June 30, 2014 2013 On demand and below 1 month 752.9 616.9 1 to 6 months 1,564.9 1,337.6 6 to 12 months 1,686.5 1,941.4 1 to 3 years 4,607.5 4,200.0 Over 3 years 5,348.2 4,743.9 Indefinite term/overdue 153.1 93.9 Total 14,113.1 12,933.7

24 Data from the reporting form "Consolidated Balance Sheet" (OKUD form code 0409802) as of July 1, 2014 and January 1, 2014 without consideration of adjustments, including mutual operations. 25 As per the data of the interim condensed consolidated financial statements of Sberbank of Russia in accordance with the IFRS – June 30, 2014. 53

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. Table 3.10 Allocation of loans and advances to clients of the banking group of Sberbank of Russia by loan currency26

As of the reporting date, RUB bln

December 31, June 30, 2014 2013 Rubles 10,260.2 9,371.1 US dollars 2,429.4 2,270.3 Euro 578.8 508.7 Turkish lira 521.5 457.3 Other currencies 323.2 326.3 Total 14,113.1 12,933.7

Table 3.11 Dynamics of provisions for possible losses under loans in the portfolio of the banking group of Sberbank of Russia, RUB bln27

Residenti Credit Commercial Special Consumer al Car cards lending lending and other loans lending lending and to legal to legal to to to individuals overdra entities entities individuals individual fts s Loan loss provision as of December 31, 293.4 206.1 60.1 26.2 20.6 3.9 2013 Net loss from creating loan loss 84.3 14.1 34.3 5.3 10.6 2.3 provision throughout the year Currency conversion effect (2.8) (0.3) (0.2) (0.7) 0.1 - Loans and advances

to clients deducted (14.3) (16.6) (6.3) (0.5) (1.5) (0.1) throughout the year Loan loss provision as of June 360.6 203.3 87.9 30.3 29.8 6.1 30, 2014

3.2.1.6 Impairment and overdue indebtedness Unified standards for working with problem assets of legal entities are being established in the Sberbank of Russia Group. During 2013-2014, the unified standards were implemented in Sberbank Leasing CJSC, SB of CIS and Western Europe. Implementation in Denizbank is planned for Q4 2014. The working standards are optimized taking into account the best international practices if a decrease in return efficiency is revealed.

26 As per the data of the interim condensed consolidated financial statements of Sberbank of Russia in accordance with the IFRS – June 30, 2014. 27 As per the data of the interim condensed consolidated financial statements of Sberbank of Russia in accordance with the IFRS – June 30, 2014 54

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. For H1 2014, a decrease in problem indebtedness of legal entities of Sberbank of Russia Group reached RUB 116.6 bln, including: RUB 100.8 bln for Sberbank of Russia; RUB 6.3 bln for subsidiary banks; RUB 9.5 bln for subsidiaries. Restoration of provisions for problem indebtedness of legal entities of Sberbank of Russia Group for the same period reached RUB 73.9 bln, including: RUB 72.0 bln for Sberbank of Russia; RUB 1.9 bln for subsidiary banks. Table 3.12 Restructured loan portfolio of the banking group of Sberbank of Russia, RUB bln28

Loans before deduction of provision for impairment, Segment RUB bln As of July 1, 2014 As of January 1, 2014 Performing loans with losses assessed on 1,321.6 1,100.0 a collective basis, including:

Commercial lending to legal entities 501.1 542.6

Special lending to legal entities 785 533.0

Consumer and other loans to individuals 9 6.9

Residential lending to individuals 25.1 16.7

Car lending to individuals 1.4 0.8

Other loans with revised terms, including: 348 222.6

Commercial lending to legal entities 187.8 96.1

Special lending to legal entities 130.9 107.6

Consumer and other loans to individuals 10.9 6.9

Residential lending to individuals 15.9 10.6

Car lending to individuals 2.5 1.4

For the purposes of this report, impaired and problem indebtedness means assets of 2, 3, 4, 5 quality category as per the requirements of Regulation of the Bank of Russia dated March 26, 2004 No. 254-P "On the Procedure for Making Provisions by Credit Institutions for Possible

28 As per the data of the interim condensed consolidated financial statements of Sberbank of Russia in accordance with the IFRS – June 30, 2014. 55

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. Losses on Loans, Loan and Similar Debts" for individual loans and portfolio loans overdue for 1 or more days. The report includes information on impaired and overdue debts by the below types of loan and similar indebtedness: • loans (credits) granted, deposits placed (including interbank loans and deposits, overdrafts of legal entities and individuals, as well as loans granted to individuals as a result of operations with bank cards issued by the Bank); • discounted bills of legal entities; • claims to legal entities under transactions of sale (purchase) of financial assets with payment deferral (financial assets provision); • claims to legal entities (other than banks) for return of funds provided for transactions conducted with securities repayable without recognition of the securities received; • other claims to legal entities arising from transactions with financial instruments recognized as loans.

Table 3.13 Overdue loans of the banking group of Sberbank of Russia, provisions for which are made on an individual basis А) as of July 1, 201429

Overdue amount, RUB'000 Amount of from 91 Asset composition up to 30 from 31 to Over 180 claims to 180 days 90 days days days Claims to lending 1,151,317,388 288,444 - - 387,275 institutions Claims to legal entities other than lending 10,034,558,263 119,637,419 50,644,940 59,832,262 230,316,348 institutions Loans (credits) granted to individuals and other claims to individuals, 189,317,138 5,959,514 3,082,354 2,482,425 31,191,476 total, including residential loans other than mortgage 93,403,834 2,227,426 799,539 510,919 10,165,003 loans mortgage loans 15,386,803 359,334 170,000 152,437 6,980,237 car loans 1,578,854 44,755 33,821 27,516 213,135 other consumer 69,831,215 3,024,715 1,381,935 977,308 8,041,478 loans other assets 8,935,367 298,982 685,026 806,103 5,731,818

29 Data from the reporting form "Information of the assets quality of assets of a lending institution (banking group)" (OKUD form code 0409115) as of July 1, 2014 56

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. interest income 181,065 4,302 12,033 8,142 59,805 claims Assets assessed for creating provisions for 11,375,192,789 125,885,377 53,727,294 62,314,687 261,895,099 possible losses, total

А) as of January 1, 2014

Overdue amount, RUB'000 Amount of from 91 Asset composition up to 30 from 31 to Over 180 claims to 180 days 90 days days days Claims to lending 884,616,999 - 835 - 2,048 institutions Claims to legal entities 8,470,424,229 33,941,816 38,426,907 20,107,902 197,498,645 other than lending institutions Loans (credits) granted to individuals and other 24,088,857 608,417 693,502 956,240 16,768,927 claims to individuals, total, including residential loans 7,716,209 8,423 46,684 61 7,011,462 other than mortgage loans 7,451,023 37,358 53,354 55,766 3,723,234 mortgage loans 175,958 2,810 4,863 2,381 135,693 car loans other consumer 2,339,438 41,440 16,640 25,767 1,624,390 loans 6,252,388 516,843 569,625 870,837 4,203,359 other assets

interest income 115,648 1,543 2,336 1,428 57,056 claims Assets assessed for 9,379,130,085 34,550,233 39,121,244 21,064,142 214,269,620 creating provisions for possible losses, total

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.

Table 3.14 Overdue loans of Sberbank of Russia, provisions for which are made on the portfolio basis

July 1, 201430 January 1, 201431 Provision for possible Amount of claims, Provision for possible Amount of claims, losses created, RUB'000 losses created, RUB'000 RUB'000 RUB'000 Indebtedness under loans grouped by portfolios of similar loans, total, 3,675,732,320 138,953,710 3,315,470,311 105,719,039 including: PSL residential loans (other than mortgage loans), total 449,050,464 10,975,455 3,169,459,185 36,454,078 Portfolios of performing loans and loans overdue from 1 to 30 days, total, - - including performing loans - - Portfolios of performing loans 437,516,219 6,299,037 3,161,386,438 32,160,822 PSL of loans overdue from 1 to 30 days 5,999,362 241,275 3,341,044 122,237 PSL of loans overdue from 31 to 90 days 1,386,874 471,627 881,110 396,459 PSL of loans overdue from 91 to 180 days 488,408 339,445 345,607 269,574 PSL of loans overdue from 181 to 360 days 486,670 451,140 452,432 452,432 PSL of loans overdue over 360 days 3,172,931 3,172,931 3,052,554 3,052,554 PSL mortgage loans, total 1,152,693,682 12,589,234 981,743,351 10,615,360 Portfolios of performing loans and loans overdue from 1 to 30 days, total, including - - performing loans - -

30 Data from the reporting form "Information of the assets quality of assets of a lending institution (banking group)" (OKUD form code 0409115) regarding assets of Sberbank of Russia as of July 1, 2014. 31 Data from the reporting form "Information of the assets quality of assets of a lending institution (banking group)" (OKUD form code 0409115) regarding assets of Sberbank of Russia as of January 1, 2014 considering events after the reporting date. 58

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.

July 1, 201430 January 1, 201431 Provision for possible Amount of claims, Provision for possible Amount of claims, losses created, RUB'000 losses created, RUB'000 RUB'000 RUB'000 Portfolios of performing loans 1,124,759,021 5,623,798 964,036,038 4,820,250 PSL of loans overdue from 1 to 30 days 17,794,534 266,918 10,272,795 153,574 PSL of loans overdue from 31 to 90 days 4,495,614 1,581,951 2,886,735 1,299,430 PSL of loans overdue from 91 to 180 days 1,753,739 1,288,997 1,004,921 801,928 PSL of loans overdue from 181 to 360 days 1,289,886 1,226,682 1,278,006 1,277,951 PSL of loans overdue over 360 days 2,600,888 2,600,888 2,264,856 2,262,227 PSL car loans, total 82,856,441 2,708,566 105,248,318 2,426,385 Portfolios of performing loans and loans overdue from 1 to 30 days, total, including - - performing loans - - Portfolios of performing loans 77,582,404 387,913 101,054,798 505,291 PSL of loans overdue from 1 to 30 days 2,305,781 34,587 1,869,574 27,959 PSL of loans overdue from 31 to 90 days 742,385 249,972 572,295 231,577 PSL of loans overdue from 91 to 180 days 466,432 312,511 351,930 261,837 PSL of loans overdue from 181 to 360 days 607,703 571,847 532,971 532,971 PSL of loans overdue over 360 days 1,151,736 1,151,736 866,750 866,750 PSL consumer loans, total 1,991,131,733 112,680,455 1,841,111,131 83,458,583 Portfolios of performing loans and loans overdue from 1 to 30 days, total, including - - performing loans - - Portfolios of performing loans 1,802,738,845 22,232,638 1,717,000,838 21,909,826 PSL of loans overdue from 1 to 30 days 74,989,771 2,778,080 49,329,054 2,085,707 PSL of loans overdue from 31 to 90 days 30,753,585 12,228,389 19,691,447 8,233,866 59

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.

July 1, 201430 January 1, 201431 Provision for possible Amount of claims, Provision for possible Amount of claims, losses created, RUB'000 losses created, RUB'000 RUB'000 RUB'000 PSL of loans overdue from 91 to 180 days 23,866,659 17,650,984 15,330,133 11,470,214 PSL of loans overdue from 181 to 360 days 28,239,639 27,247,130 20,156,853 20,156,456 PSL of loans overdue over 360 days 30,543,234 30,543,234 19,602,806 19,602,514

July 1, 2014 January 1, 2014 Provision for Amount of claims, Provision for possible Amount of claims, possible losses RUB'000 losses created, RUB'000 RUB'000 created, RUB'000 Indebtedness under loans granted to SMEs grouped by portfolios of similar loans, total, 430,581,774 21,057,474 388,635,296 13,267,147 including: Secured loans - - - - Other loans 430,581,774 21,057,474 388,635,296 13,267,147 Portfolios of performing loans 401,566,175 4,015,668 373,266,183 3,732,888 PSL of loans overdue from 1 to 30 days 10,756,285 2,096,618 5,194,612 1,004,401 PSL of loans overdue from 31 to 90 days 4,486,075 2,484,917 2,800,380 1,576,961 PSL of loans overdue from 91 to 180 days 4,079,554 3,199,509 2,607,880 2,188,951 PSL of loans overdue from 181 to 360 days 5,454,612 5,021,689 3,180,989 3,178,694 PSL of loans overdue over 360 days 4,239,073 4,239,073 1,585,252 1,585,252

3.2.1.7 Information on financial derivatives Increase of repayment risk net value of the Group for the financial derivatives portfolio in H1 2014 depends on a significant increase in current positive fair value. The total positive fair value of contracts reflects the market value of financial derivatives which shall be compensated on the financial market upon the default of contractors with whom the financial derivative transaction is concluded. The increase of total positive fair value for the financial derivatives portfolio, which generally consists of currency derivatives, was primarily influenced by an increase in the exchange rate of the dollar and euro against the ruble in H1 2014. The potential repayment risk has changed slightly, which shows a slight change in the portfolio structure of the Group's financial derivatives. Table 3.15 Repayment risk on the transactions with financial derivatives for the Sberbank of Russia Banking Group, RUB mln

Total positive fair Net value of As of the reporting Potential value of the current Security date repayment risk contracts repayment risk As of January 1, 72,130 58,585 127,613 3,102 2014

As of July 1, 2014 92,047 63,419 148,386 7,080

3.2.1.8 Repayment risk reduction

3.2.1.8.1 Transaction security management Availability of security is the main tool for decreasing the credit risk due to failure to pay under the credit contracts. The members of the Banking Group understand the following as security: guarantees, sureties and collateral. Several kinds of security can be taken at the same time for credit risk limitation. Collateral policy of the Bank32 is targeted to increase the quality of collateral security. The collateral quality is determined by the probability of receiving funds in the amount of the expected collateral value when enforcing upon the collateral or its sale. The collateral quality is indirectly characterized by the list and materiality of risks associated with the collateral and is determined by a series of factors. The factors which significantly affect the quality of collateral security:  liquidity of property to be pledged;  the completeness and quality of performance analysis for the property to be pledged, performed by the Bank;  reliability of cost evaluation for the property to be pledged at the stage of initial review;  depreciation risks for the property to be pledged due to the market's volatility or the qualities of the property itself;

32 The collateral policy of subsidiary banks may differ from the collateral policy of the Bank, including with allowance for the specific nature of requirements of local regulators. Implementation of a unified policy for work with a security is provided within the target system of the Group's integrated risk management. Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.  exposure of the property to be pledged to risks of loss and damage due to intentional and unintentional actions;  risks caused by legal factors;  hedging measures implemented by the Bank, a member of the Group and a pledger (insurance, mortgaging, lodging of documents with the Bank, Group member, etc.). The quality of security is defined depending on the importance of the aforesaid factors and their combination in respect to the property to be pledged. Within the context of quality the collateral security shall be classified under three categories pursuant to the effective IRD:  Primary collateral is collateral considered as a real source for credit fund repayment.  Comfortable collateral is collateral, registered to strengthen the conditions of the Bank under the transaction, encourage the Borrower to repay the debt or to limit the possibility of an increase in secured debt to other creditors.  Unsecured collateral is security, the features or conditions for documentation of which do not allow the assumption of actual risks. Unsecured collateral is implemented only to restrict the ability of the Borrower to increase the secured debt. The subsequent security, if there are other creditors with primary security rights, shall be considered as unsecured collateral. Primary or comfortable collateral under credit transactions with conditions precedent can be classed as unsecured collateral if their non-fulfillment can lead to the impossibility for the Bank to realize the rights of the Pledge holder till the moment these conditions have been fulfilled. Property which is prohibited from being pledged by law, or any other property limited by Russian law, or property which can be subjected to enforcement cannot be the subject of a pledge. The property to be taken as collateral shall not be seized and shall not be encumbered by any third-party rights, except for encumbrances accepted by the Bank due to the nature of the pledger's business (long-term lease, short lease, financial leasing, etc.), or encumbrances inherent to specific types of property (servitudes related to land parcels on the part of utility network owners, etc.) which do not negatively affect the liquidity of the property. The evaluation and revaluation of the pledged assets' value shall be performed by the Bank's/the Group member's employees independently (expert evaluation or based on the cost of the property to be pledged indicated in the financial statements of the Borrower with the application of a discount) or based on an independent report with subsequent quality control by the Bank's/Group member's employees. The Bank performs regular monitoring of pledged assets to ensure control over quantitative, qualitative and cost parameters of the pledged assets, their legal affiliation, and conditions of storage and upkeep. Frequency of monitoring is defined by:  the requirements of the bylaws of the Bank of Russia;  the conditions of provision of the loan product;  the parameters of the property to be pledged (type of collateral, collateral quality). Standard frequency of monitoring provides for the following: 62

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.  confirmation of the cost of pledged assets and quarterly insurance control;  frequency of on-site inspections, control of title and encumbrances, depending on the type and category of the assets (once a quarter/once a half-year/once a year). The following types of guarantees and sureties may be considered as collateral:  state guarantees of the Russian Federation;  guarantees by constituent entities of the Russian Federation or municipalities;  guarantees of agency banks;  sureties of creditworthy enterprises, organizations and funds;  sureties of individuals. Use of sureties as collateral security requires the same risk assessment for both the Pledger and the Borrower. The Guarantor's rating calculation and control of the limit for the interbank lending transaction is performed as part of the Guarantor's analysis, as well as other operations and operations with the Guarantor bank or control over conformity of the volume of state guarantees/guarantees by constituent entities of the Russian Federation and municipalities to the provisions of budget legislation. Collateral control over financial market transactions Collateral revaluation under transactions with financial derivatives is performed on a daily basis. Collateral acceptability is controlled in accordance with the bylaws of the Bank which guarantee transparency of pricing, evaluation certainty, liquidity, collateral feasibility and collateral reasonableness for evaluation of regulatory requirements when calculating the capital adequacy ratio. The method for discount evaluation takes into account the fact that the collateral cost may decrease during the time of recovery and sale. In order to implement the process of collateral management a legitimate Agreement on collateral management shall be signed with the Contractor. The agreements on collateral management concluded by Sberbank of Russia allow consideration of the collateral when calculating the amount of residual obligations of the parties under the agreement when events as stipulated under the Agreement arise. When specifying the amount of residual obligations the collateral can be calculated using both the assessed amount and the collateral selling price. The procedure for collateral revaluation and evaluation methods are governed by the provisions of framework agreements. The collateral revaluation shall be performed automatically on a regular basis. The key events performed when working with collateral under general equity risks are:  agreeing terms and conditions under Agreements on collateral management as regards collateral management;  control over the process of position assessment and calculation of collateral amount;  sending and receipt of requests for the introduction of additional collateral;  management of the process of dispute escalation and settlement;  provision of transactional and managerial reports as regards collateral management;  analysis and optimization of the asset portfolio in the collateral.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. 3.2.1.8.2 Measures to prevent credit fraud A comprehensive system of measures against credit fraud has been implemented within the approved corporate anti-fraud concept, and control procedures are performed both online and offline. If indicators of possible unlawful acts are revealed within consideration of corporate transactions, the level of the collegial body that makes a decision on the transaction is increased. Credit portfolio monitoring is performed on a regular basis in order to minimize the risk of fraud.

3.2.2 Market risk of a trading book

3.2.2.1 Policy for managing market risks of a trading book The policy of market risk management involves optimizing market risk and its conformity to the set Risk Appetite. The basis for the management system is risk identification, its evaluation and subsequent management. In order to speed up the process of decision making and increase their efficiency, powers in the course of risk identification and management shall be distributed across different levels. In order to prevent a conflict of interests, obligations on performance of trade transactions, their accounting and risk management are distributed among management structures. Market risk is identified at the stages of strategic and business planning and upon approval of new products. For the purposes of market risk control, both aggregated risk metrics, unifying the impacts of individual risk factors, and metrics, tied into individual risk factors, are used. Market risk management is performed on a portfolio basis. The portfolio is a set of operations united based on aims and objectives, the list of permitted operations and risks and the subdivision in the interests of which the portfolio is formed. The main tool for managing market risk is the setting of limits for separate portfolios. Distribution of the Risk Appetite to the portfolio and risk management on the level of a specific portfolio of transactions is performed by assessing the portfolio strategy and risk factors inherent in this portfolio. In order to control financial market operations risks, a portfolio hierarchy structure can be set; here the sub-portfolio transactions greatly affect the use of limits and restrictions for the market risk of the portfolio. This portfolio structure is used to cascade the Risk Appetite to more granular groups of transactions on financial markets.

3.2.2.2 The structure and management of subdivisions and collegial bodies for the management of market risks of a trading book All members of the Group use unified rules for distribution and limitation of authorities when managing market risk: 1) Task sharing (conducting operations on financial markets, the accounting of these operations, and risk management for the corresponding operations) on independent reporting lines (both administrative and functional) in order to exclude a conflict of interests. 2) Delegation of responsibility for decision making according to the distribution of Risk Appetite within business subdivisions, member entities and other risk concentration units. 3) Joint decision making on market risk management with the involvement of subdivisions responsible for operations on financial markets and subdivisions responsible for market risk management (including market risk control).

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. The market risk limits are set for four levels of portfolio hierarchy, starting with the aggregated level and finishing with the limits for the level of specific sub-portfolios or strategies. The limits of the top level are the metrics of the Group's Risk Appetite and are defined and set by the Group Risk Committee of Sberbank of Russia. With the further distribution of the cumulative Risk Appetite of the Group, a descending approach is used where the limits of upper levels are distributed to the lower levels. The powers to set limits on the lower levels are delegated to the Sberbank of Russia Trading Risks Committee, which is authorized to delegate them to other collective bodies.

3.2.2.3 The methodology for evaluating and monitoring the market risk of a trading book During market risk limit control the risk departments perform independent monitoring of positions and risks adopted during trading activity and control observance of set limits and restrictions. The risk subdivisions perform the following functions:  independent monitoring of positions and risks adopted by the trading subdivisions;  calculation of risk metrics positions (exposure) and values;  control of limits and restrictions. In addition to market risk control, an inspection is made of transactions for compliance with market conditions as part of the commercialization inspection process. Revealed infringements of market risk limits are handed by the risk subdivision to the authorized body for review; the body is to be defined in accordance with normative documents on market risk management and is authorized to make decisions and ensures due settlement for the infringement. The speed and the frequency of market risk monitoring depend on its type. Current control during the day is performed faster and more frequently compared with the subsequent control (to be performed on the following day). Depending on the time for performance, market risk control can be divided into four types: 1) Preliminary control (for new transactions) is performed by a trading subdivision: ▪preliminary inspection of the limits, to prevent infringements as a consequence of the conclusion of new transactions; ▪control procedures performed as part of the conclusion and registration of transactions. 2) Current control: ▪position monitoring and limit control during the business day. 3) Control at the end of the day: ▪limit and position monitoring at the end of the business day, along with preparation of a final report on market risks for the trading subdivision. 4) Subsequent control (on the following day): ▪data verification in information systems of trade subdivision and transaction support subdivisions on finance markets;

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. ▪position monitoring and limit control at the end of the business day; ▪preparation and mailing of the final version of the market risk report; ▪transaction commercialization inspection; ▪independent detailed price inspection (performed at least at the end of the month or more often if necessary).

3.2.2.4 Analysis of exposure to market risks of a trading book

Table 3.16 Market risk of a trading book for the Sberbank of Russia Banking Group

Value of market risk of a trading book, RUB mln

January 1, 2014 July 1, 2014

15,517 15,898 Interest risk, incl.

Total interest risk 11,533 14,151

Specific interest risk 3,984 1,747 2,609 798 Equity risk, incl.

Total equity risk 849 387

Specific equity risk 1,760 411 166,853 178,040 Currency risk = open currency operation

Total 393,432 386,741 The Group's stock risk decreased due to the reduction in the share portfolio. The slight increase in currency risk is related to the increase in the Group's open currency position. The increase of total interest risk within the Group's interest risk is related to the increase in the share of government bonds in the Group's trading portfolio.

3.2.3 Interest and currency risks of the banking book

3.2.3.1 Policy on managing interest and currency risk of the banking book Interest and currency risks of the banking book are the risks of the bank incurring financial losses under non-commercial requirements and obligations as a consequence of a negative change of interest rates, currency exchange rates and prices for precious metals. The Group assumes the interest rate risk associated with the effects of fluctuations in the market interest rates on the cash flows. Interest rate risk in the banking book includes: • the risk arising due to maturity mismatches (repricing of interest rates) of assets and liabilities that are sensitive to changes in interest rates, when shifting in parallel, changing the slope and shape of the yield curve;

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. • the basis risk arising from a mismatch in the degree of change in interest rates of assets and liabilities that are sensitive to changes in the interest rates with similar maturity (interest rate repricing period); • advanced repayment (interest rate revision) risk regarding the assets and liabilities sensitive to interest rate changes. The Group is also exposed to market currency risk of banking book due to availability of open currency operations. The main sources of the banking book OCP are: • contributions to the capital of foreign subsidiary banks; • loans and investments in foreign currency; • income received in foreign currency. The purpose of banking book interest and currency risks management is to restrict the negative influence of banking book interest and currency risks on the activity of the Group and its members. The purposes of interest and currency risk management are: • minimization of potential loss from interest and currency risks; • strengthening of the bank's interest margin despite market conditions; • compliance with regulators’ requirements; • risk-return optimization.

3.2.3.2 Structure and organization of operations performed by divisions and collegial bodies for managing interest and currency risks in the banking book At the Group level, the powers for managing interest and currency risks in the banking book are distributed among the Executive Board, GRC, ALMC, the Treasury, Risk Methodology and Control Department, the Validation Department, COGM, and ICI&AD. The Executive Board approves the policy for managing interest and currency risks in the banking book and the regulations on collegial operating bodies (ALMC, GRC) responsible for managing interest and currency risks in the banking book. The Group's Risks Committee of Sberbank of Russia approves the Risk Appetite (RA) in terms of interest and currency risks, handles the infringements of RA limits and approves measures for rectifying such infringements. Assets and Liabilities Management Committee of Sberbank of Russia (ALMC) exerts general control and supervision over the management of interest and currency risks in the banking book and makes decisions on the following issues: • approves the system and principles for determining the limits of interest and currency risks in the banking book and the values of such limits; • handles the infringements of limits on interest and currency risks in the banking book and approves measures for rectifying such infringements; • approves the target banking book interest and currency position; • approves the parameters of hedging transactions; 67

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. • approves the internal regulatory documents on managing interest and currency risks in the banking book. To ensure efficient control and supervision over the management of interest and currency risks in the banking book, the Treasury provides ALMC with regular reports on the management of interest and currency risks in the banking book. The Treasury performs operating and strategic management of interest and currency risks in the banking book. The Treasury is empowered to: • evaluate interest and currency risks, conduct stress testing, and calculate the economic capital for risk coverage; • develop, analyze and provide, on a regular basis, offers regarding the strategy and target interest and currency position of the banking book; • perform operating and strategic management of the banking book interest and currency position; • develop a system and principles of determining the banking book interest and currency risk limits; • develop reporting templates and provide, on a regular basis, reports on interest and currency risks in the banking book, and monitor the use of limits. The Risk Methodology and Control Department implements regular independent control over compliance with the set limits on interest and currency risks in the banking book, and escalates limit violations to ALMC and GRC. The Validation Department implements independent, regular control over the risk of models for interest and currency risks in the banking book, in particular, it validates (verifies) the models of interest and currency risks, controls the improvement of models and submits the model validation results to GRC for consideration. The Global Markets Department (COGM) performs market operations as per orders provided by the Treasury. The Internal Control, Inspection and Audit Department (ICI&AD) independently evaluates the performance of the system, processes and infrastructure of management of interest and currency risks in the banking book.

3.2.3.3 Methodology for the assessment and monitoring of interest and currency risks in the banking book To assess the interest and currency risks in the banking book, the Group mainly uses the following metrics: • Interest gap reflects the overall time structure of changes in interest rates for all balance-sheet and off balance-sheet items with a breakdown of the nominal volume of assets and liabilities as per preset time intervals based on the periods of changes in interest rates subject to the clients' behavior or contractual terms.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. • NPV sensitivity enables a quantitative evaluation of the possible effect of changes in interest rates on the net present value subject to client and structural (on the part of the Treasury) contributions to NPV. • Regulatory OFXP (currency gap) reflects the structure of open positions broken down by individual currencies for the Group and Group members, which is calculated as per the requirements of the Bank of Russia. • Currency risk sensitivity (currency revaluation) makes it possible to evaluate in quantitative terms the possible effect of changes in exchange rates on the pre-tax profit of the Group and Group members. • Economic capital required to cover the possible adverse effect on capital in a stress scenario of interest rates and foreign exchange rates. To improve the quality and accuracy of its interest and currency risk assessment models, the Group develops and implements models of behavior adjustments to take into account the clients' behavior on its cash flows, including depending on the dynamics of interest rates and foreign exchange rates.

3.2.3.3.1 Stress testing of interest and currency risks in the banking book The Group monitors its interest and currency position and risks both in assumptions corresponding to its current activities, and using stress testing under possible scenarios. Stress testing is conducted on a regular basis to analyze the probable effect of changes in the external market environment and changes related to business development on the interest and currency position and the compliance of current risk levels with the established Risk Appetite. Within the scope of risk management, the Group conducts the following types of stress testing for interest and currency risks: • integrated stress testing - regular stress testing across the whole group covering all types of risks of the Group and Group members; • regular stress testing of interest and currency risks based on stress scenarios developed by the Treasury to assess potential losses that may be incurred by the Group and/or individual Group members with respect to interest and currency risks in the banking book; • stress testing required by regulatory authorities. Reports on the results of stress testing of interest and currency risks in the banking book are included in the reports for the collegial executive bodies of the Group (ALMC and GRC) and Group members, and are part of regular management reporting.

3.2.3.4 Monitoring and reporting of interest and currency risks in the banking book The interest and currency risk monitoring includes a constant (on the part of the Treasury) and regular (on the part of ALMC and Risk Methodology and Control Department) analysis of the current interest and currency position and the respective risks in the banking book, control over the observance of interest and currency risk limits, and their comparison with the interest and currency position and corresponding quantitative interest and currency risk indicators for the previous period subject to previously taken decisions and measures. 69

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. 3.2.3.5 Analysis of exposure to interest and currency risks in the banking book In order to measure the interest rate risk, a standardized shock, in accordance with the recommendations of the Basel Committee, is used. Forecasting of possible changes in interest rates is carried out separately with respect to the ruble position and is aggregated by foreign currency. Interest rate shock is calculated as a 1% and 99% percentile of the distribution of the average interest rate change obtained by the method of historical simulations according to data at least for the last 5 years. As a basis interest rate for the assessment of ruble interest rate shock, an indicative rate of ruble interest rate swaps for a period of 1 year (RUB IRS 1Y) is used, and LIBOR 3M – for the currency position.

Table 3.17 Changes in interest income resulting from a shift in the interest curve

Decline in interest Growth of interest rates rates July 1, January July 1, January 2014 1, 2014 2014 1, 2014 RUB Change in interest rates, b.p. (368) (292) 696 570 Change in profit before tax, RUB bln 118.9 83.9 (224.6) (163.6) Foreign currency Change in interest rates, b.p. (14) (19) 52 66 Change in profit before tax, RUB bln (0.10) 0.82 0.38 (2.89)

The quantitative data on the Group's currency risk are provided in its IFRS interim condensed consolidated financial statements of June 30, 2014.

3.2.4 Operational risk

3.2.4.1 Operational risk management policy The operational risk refers to the risk of losses that may be incurred by the Group as a result of any faults or errors in its internal processes, information systems, unauthorized/unlawful actions or errors of its employees, or any external events. The above definition excludes strategic and reputation risks. Determining the capital for operational risk requires the inclusion into account of data about the damage from realization of legal risk incidents. The purpose of operational risk management, as part of the overall management of risks inherent in the Group members, is to prevent this kind of risk or to maximally reduce the threat of potential losses (direct and/or indirect) related to the organization of internal processes and to external factors (events), as well as to evaluate operational risk for estimating the required regulatory and economic capital and for creating an adequate system of internal control. The goals of the Group's operational risk management are attained based on a system and comprehensive approach that involves the following objectives: • prompt receipt of objective information about the condition and scope of operational risk; • identification and analysis of operational risk incurred by the Group members and the Group in general in the course of their operations;

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. • quantitative and qualitative assessment (measurement) of operational risk; • development of measures aimed at reducing and preventing operational risk of the Group members and the Group in general (risk minimization) or transferring such risk to third parties (insurance); • determining an acceptable level of certain types of operational risks within the scope of the approved Risk Appetite and economic feasibility of costs for their assessment, analysis, monitoring and building control mechanisms; • improvement of the internal system of operational risk control; • creating an operating control culture at all levels of the Group management. The following categories of operational risk are highlighted: • internal fraud; • external fraud; • HR policy and occupational safety incidents; • business practice incidents; • damage to tangible assets; • business interruptions or system failures; • process management incidents. At the Group level, the following main factors/events that can reinforce the effect and scale of operational risk are worthy of note: • changes in the laws and/or requirements of regulatory authorities; • business expansion and/or increased volumes of operations; • complication of financial instruments and strategies and/or mastering of new products and technologies; • complication of systems for the process support of operations and implementation of complicated data processing systems. The Bank has developed procedures for the identification and further assessment of operational risk. The identification methods are: • Daily analysis of data about the realized operational risk events and incurred damage. • Quarterly analysis of information about operational risks provided by the structural units in the course of self-assessment and following the scenario analysis of operational risks. • Analysis of business processes (risk audit) to identify the reasons and prerequisites for damage that have been or may be incurred by the Bank; analysis of the efficiency, adequacy and sufficiency of prevention and control systems; development of measures for control and/or reduction of operational risk. Analysis is performed on a regular basis. 71

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. • Regular analysis of current internal regulatory documents.

3.2.4.2 Structure and organization of work of operational risk management divisions and collegial bodies Operational risk management involves continuous identification, assessment, monitoring, control, and/or reduction of operational risk. The Bank relies on the 'three lines of defense' principle that implies division of responsibility areas in the process of operational risk management: Role Process participant Functions Business The heads of structural Management of operational risks of management and units, authorized employees divisions: support of divisions, persons  identification of operational risk responsible for the incidents and notification of the risks identification and division; assessment of operational  identification and analysis of reasons risks for, and circumstances of, operational risk incidents, development and implementation of measures for operational risk management and minimization;  self-assessment of operational risk exposure (including identification and assessment of current and potential risks and control mechanisms), participation in operational risk scenario analysis;  management of operational risks within headed divisions or business areas, coordination and control over the implementation of measures of operational risk minimization; Risk management Operational risks divisions  organization and coordination of and control over the operational risk management process; operational risk  evaluation of operational risk to level calculate and distribute capital to cover operational risk;  arrangement for the collection and processing of data on operational risk incidents;  development and implementation of operational risk self-assessment procedures;  development and implementation of a system for reporting and notifying the management about the operational risk level;  analysis (risk audit) of the Bank's processes to identify and assess operational risks, the efficiency of

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. control procedures and development, together with the divisions, of recommendations for improving processes, risk minimization measures and control mechanisms;  control over the implementation of approved measures and recommendations for operational risk minimization; The Group's Risks  approval of operational risk Committee of Sberbank of management rules; Russia  approval and submission of an Operational Risk Management Policy to the Bank's Executive Board for approval;  approval of operational risk minimization measures;  approval of the operational Risk Appetite level and control over its compliance;  approval of the calculated capital to cover operational risk; The Bank's Executive  determination, consideration and Board approval of the Operational Risk Management Policy;  control over the management of operational risks or delegation of the said powers to the relevant collegial body;

Independent control Internal Control, Inspection  independent evaluation of the and Audit Department risk management system. The Group's operational risk management is a two-level process: • The first level of management (carried out by the Executive Board and the Group's Risks Committee of Sberbank of Russia) is implemented within the scope of the Group's aggregate risk management. Among other things, this process involves formulation of requirements for and restrictions on operational risk management processes and management of such risk by the Group's members, and appointment of specific collegial bodies and structural units of the Group members responsible for operational risk management. At this level, the Group's operational risk management policy and rules are determined and approved. • The second level of management (carried out by the collegial bodies and special- purpose divisions of the Group members appointed by the Executive Board or the Group's Risks Committee of Sberbank of Russia) involves management of operational risks within the Group members subject to the requirements and restrictions established at the 1st level of management. At this level, policies,

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. rules and other regulatory documents defining the operational risk management by the Group members are approved. Efficient functioning of the operational risk management system requires strict compliance of the 2nd level processes with the restrictions and requirements established at the 1st level of management. The process of operational risk management by the Bank and Group members includes the following core stages: • Operational risk identification (detection and identification of reasons, prerequisites and circumstances of operational risk). • Operational risk assessment (analysis of information received as a result of operational risk identification, and determining the probability of operational risk events that may lead to losses, as well as the amount of incurred or potential damage). • Analysis of problem zones of processes, development and making of a decision on optimizing/changing the processes in order to reduce the level of operational risk. • Operational risk monitoring. • Control and/or reduction of operational risk (making a management decision with respect to the identified operational risk, and control over performance of the approved measures for operational risk mitigation and elimination of problem zones in processes).

3.2.4.3 Operational risk assessment methodology Assessment and prediction of the operational risk of the Group is based on the use of statistical information united into the database, containing a description of the facts of realized operational risks, both in the Group itself, and in other organizations in Russia and worldwide. Operational risk incidents are recorded in the internal database by operational risk unit staff. Recording of incidents above the set threshold is mandatory. Currently, the Bank is in transition from risk assessment based on basic indicators (BIA, Basic Indicator Approach) to using advanced models (AMA, Advanced Measurement Approach). Basic Indicator Approach is a simplified approach to the assessment of an operational risk in banks, offered in Basel II for the purpose of capital adequacy evaluation. In this approach, an average gross income of the bank for the last three years is a quantitative indicator. The risk is calculated as 15% of the basic indicator. Advanced models include the following operational risk approaches: • Internal Measurement Approach (IMA); • Loss Distribution Approach (LDA); • Scenario-based approach (SBA);

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. • Scorecard Approach (SCA).

3.2.4.4 Operational risk monitoring In the Group, structural units and operational risk units of the Bank/Group member conduct collection and a regular monitoring of calculated indicators describing operational risk level and control procedure efficiency. Operational risk self-assessment is a regular procedure carried out by structural units of the Bank/Group member and aimed at identification and assessment of the main (including potential ones) operational risks and operational risk management level in Bank/Group member units. Operational risk self-assessment has the aim of significant risks identification in control systems, control environment quality assessment, including risk indicators/control indicators for risk monitoring and risk minimization measures development. Self-assessment results are used as input data for Scenario analysis and risk indicators monitoring. Monitoring of key risk indicators and control indicators comprises collection and regular monitoring of calculated indicators describing operational risk level and control procedures efficiency on the part of structural units and operational risk units of the Bank or Group member. To monitor operational risk, the Group uses a system of reports for the management and collective bodies involved in the risk management processes. Operational risk reports are made, without limitation, as a part of the following reports: • report on operational risk incidents for the day; • weekly report on operational risk incidents, reasons thereof and measures taken to minimize the risk; • quarterly report on operational risk incidents, self-assessment results, scenario analysis, measures taken to minimize operational risk; • other reports upon request of the Management and Group's collective bodies. Operational risk factors assessments are considered through the whole process of strategic and business planning. Scenario analysis is a process of identification and evaluation of rare and extreme cases of operational risk which might have material consequences for the Bank or a Group member, should they come to life. It is carried out by the experts of structural units of the Bank or a Group member. The Scenario analysis allows assessing the impact of extreme cases of operational risk realization on structural units and readiness of the Bank or a Group member to operational risks, identifying the adequacy of the existing control procedures and development of risk mitigation measures, as well as improving the control environment.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. 3.2.4.5 Bank group's operational risk amount As of July 1, 2014 As of January 1, 201433 The amount of Bank Group's operational risk, not calculated 147,756,143 thou.Rub. Income (net interest and non-interest) for the not calculated 2,955,122,851 calculation of capital to cover operational risk, thou.Rub

3.2.5 Other significant risk types

3.2.5.1 Liquidity Risk Liquidity risk management of Sberbank of Russia Group helps to secure for all the Group members the capability to perform their obligations to clients and contractors unconditionally and in due time, in compliance with the requirements of local regulators concerning the management of liquidity risk, both in normal business conditions, and in crisis situations. Liquidity risk appears as a result of mismatch in due dates of cash inflows and cash withdrawals (prescribed by both, contractual transaction dates, and real/factual client behavior). Liquidity risk can by classified into three types: Risk of physical liquidity is a risk of insufficiency of cash in a certain currency, which may lead to a default of its obligations to subcontractors at the current moment by an organization-Group member. Normative liquidity risk is a risk of violation by an organization-Group member of obligatory standards and other regulative requirements and limitations in liquidity risk management set in the countries of the Group's presence. Concentration risk (as a part of liquidity risk)/risk of structural liquidity is a risk of considerable deterioration of physical or normative liquidity arising due to insufficient diversification of liquidity sourced on the Liability part of the Balance-sheet (homogeneity of liquidity reserves, largest deposits, regional structure, etc.). Inside the organizations-members of Sberbank of Russia Group liquidity risk is managed by each Group member individually on the basis of unified standards, funding and resources allocation rules, limitations and authorizations, approved by decisions of collective Sberbank of Russia bodies taking into consideration every Group member's specific and requirements of local regulators. Liquidity risk is managed by means of: - introduction, control and forecast of the system of liquidity mandatory coefficients (standards and risk-metrics), which characterize liquidity risk of each Group member; - introduction of multi-level system of liquidity risk management limits for the Group, control and forecast of their implementation; - Business Planning and Funding Plan development; - interest rate level management; - motivation system; - development of the plan for financing of the activity in emergencies.

33 Operational risk amount is calculated based on the data from 0409803 Statement of Financial Performance as of December 31, 2013, December 31, 2012, December 31, 2011. The calculation algorithm complies with the requirements of the Bank of Russia. 76

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. Group members calculate risk-metrics for liquidity risk control and measurement. Not only metrics meeting requirements of local regulators are calculated but also those controlled at the Group's level. In order to prevent liquidity risk the Group has a multi-level limits system for liquidity risk management. Limits are approved by authorized collective bodies of Sberbank of Russia. Group members set additional strict and warning limits for managing normative, physical and structural liquidity inside the Group.

On a regular basis Group members evaluate and forecast their needs in funding while making a business plan and development strategy taking into consideration the environment at debt capital markets and availability of certain funding resources. To comply with liquidity risk limits while planning is mandatory. Interest rate level (both, as a part of internal funding and pricing and for setting interest rates for products) and approaches used for estimation of liquidity risk cost take into account liquidity of Group members and correspond to the goals of liquidity risk management. When necessary, a change in the interest rate setting approach is possible (both, for internal reallocation of resourced and for product interest rates) by the decision of collective bodies of Sberbank of Russia that correspond to the interests of Group members considering their liquidity. The liquidity risk assessment methods used provide timely calculation and forecast of risk-metrics of liquidity, as well as forecast of compliance to the set liquidity limits. To assess liquidity risk the balance sheet is made and forecast for each organization being a member to the Group. While forecasting the balance-sheet, amounts of future excessive or insufficient liquidity are estimated, and optimal sources of funding and balance-sheet structure for each Group member are identified. In assessment of liquidity risk, while forecasting their balance sheets, Group members implement scenario analysis considering changes in the balance sheet under influence of various risk factors, including in case of stress-scenario realization. In scenario analysis, potential situations, which may take place based on historical and/or hypothetical data are considered. The main aim of scenario analysis is to ensure the capability of a Group member to fulfill its obligations to clients and subcontractors and to comply with the set limits and requirements of local regulators to liquidity risk in case of a change in one or several risk factors. The goal of stress-testing is to assess possible liquidity gaps and their reasons, identify potential liquidity losses and the amount of required liquidity buffer to cover liquidity shortage in case of a crisis. Stress-testing allows pre-emptive measure taking to minimize potential losses, e.g. drawing conclusions on the necessity to change assets vs liabilities structure, amount and structure of liquidity buffer. As of July 01, 2014, all Group members comply with obligatory standards of liquidity and requirements of local regulators.

3.2.5.2 Legal Risk Legal risk – the possibility of the Bank suffering financial losses, unplanned expenses or the possibility of reducing projected revenues as a result of:

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.  inconsistency of internal regulatory documents, organizational and administrative documents of the Bank/Group member, with the requirements of legislation, legal acts and law enforcement practice;  failure to take into account (ignoring) the judicial and law enforcement practice;  deficiencies of the legal system (contradictory laws, lack of legal norms on regulating certain issues arising in the activities of the Bank);  legal errors made in the activities implementation (incorrect legal advice or improper execution of Bank's internal documents, contracts). The purpose of legal risk management as a constituent part of the Group's integrated risk management system is to ensure sustainable development of the Bank and Group members in implementing the development strategy, approved by the Supervisory Board of the Bank, and to ensure compliance of the activities and products of the Bank/Group members with the requirements of the law and law enforcement practice. The main factors/events that can reinforce the influence and scale of legal risk are:  changes in the laws, requirements of regulatory authorities, judicial and law enforcement practice;  inconsistency of judicial and law enforcement practice, and regulatory collisions;  complication of financial instruments and strategy/ies, mastering of new products and technologies. In order to support the decision making and to respond in a timely manner to changes in the level of legal risk, the Group creates timely and standardized reporting of facts of disposal of losses (damages) related to the realization of legal risk, current level of legal risk, legal risk management level, and current status of measures for legal risk minimization.

The level of legal risk is compared with the data for previous reporting periods; when there are significant deviations, the reasons for the sharp increase or decrease in the corresponding figure are being analyzed and, if necessary, proposals for amending the banking processes are prepared.

Currently, the Group members are implementing a system of legal risk management and developing their internal regulatory documents on legal risk management. 3.2.5.3 Tax risk Tax risk – an uncertainty relative to achieving a business objective as a result of the impact of factors, associated with the taxation process, which may manifest itself in the form of financial losses or other negative consequences as a result of current or future events and processes in tax-related legal relations and tax accounting, or events and processes that influence tax-related legal relations and tax accounting. The goal of the Group in tax risk management is limitation of such negative for the Group's activity consequences of tax risks (fiscal, reputation, financial and other) realization as a part of the unified tax strategy supporting Group's business goals. Till the unified system is introduced, tax risk is managed by every Group member on their own. In 2013, the processes and procedures for tax risk identification, assessment and management were put into a system, documented and tested, i.e. the base for development of a unified system and organization of tax risk management was created in each member of Sberbank of Russia Group member. Currently, the developed system of tax risk management

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. (target model) is being implemented by Sberbank of Russia and distributed in a stage-by-stage manner to individual Group members. Tax risk management system is based on the principles of transparency, professional conservatism, prevention of violations of applicable tax laws and maintaining the reputation of a good-faith taxpayer, as well as on an open and constructive dialog with supervisory, regulatory and legislative bodies on issues concerning the development and application of tax legislation. The target model of the tax risk management system includes five successive processes implemented by the members in accordance with the approved allocation of functions and powers of members:  Identification - is carried out within the scope of internal tax control (including in the course of preliminary tax examination, current control and subsequent inspections), as well as analysis of external factors having an effect on the activities of a Group member.  Assessment – is carried out based on analysis of quantitative and qualitative parameters constituting tax risk, the list of which is provided in the internal regulatory documents of a Group member.  Selection of the method of tax risk management is performed subject to the acceptability of tax risk and assessment of potential losses inherent in each of the possible methods of tax risk management involving active effect on the parameters of tax risk with the purpose of its reduction. Such methods, in particular, include:  creation of methodological positions;  structuring of transactions;  payment of tax under the most conservative option;  refusal from an operation being the source of unacceptable tax risk;  using the system of powers for decision-making;  automation of tax processes;  monitoring of tax laws and law enforcement practice;  participation in law-making activities.  Monitoring of tax risks involves regular updating of information about previously identified tax risks, and tracking of the status of tax risk management measures throughout its whole lifecycle.  Control over the efficiency of the system is ensured by the Internal Audit Service and involves the inspection of the efficiency of the methodology and procedures of tax risk management established by the Bank's internal regulatory documents and the application of such documents. The single approaches to the identification and assessment of tax risks that underlie the target model at the level of each bank Group member will help to:  accumulate and systematize information about the expected and actual tax risks;  confirm the expert evaluation of tax risk materiality;  assess the level of methodological errors in tax risk evaluation and the expediency of referring such risk to risks subject to quantitative assessment with respect to which risk appetite and demand for capital will be determined.

3.2.5.4 Compliance Risk Compliance risk means the risk of application of legal sanctions or sanctions of regulators, significant financial loss or loss of reputation of the Bank or other Group member as a result of their non-compliance with laws, regulations, rules, standards of self-regulatory organizations, or codes of conduct and ethical norms of business. The main directions of the activities of the Bank and the Group members in compliance risk management are: 79

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.  Prevention of misuse of authority and corruption actions of employees of the Bank and Group members;  Prevention and settlement of conflicts of interest arising in the course of performance by the Bank and Group members of their activities;  Counteraction of money laundering and financing of terrorism;  Compliance with license requirements and other regulatory requirements related to financial markets;  Ensuring of market conduct and fair competition when performing transactions on financial markets, prevention of unscrupulous business practices on financial markets (use of insider information, price manipulation, etc.);  Compliance with economic sanctions and restrictions established by the Russian Federation, as well as international organizations and certain countries;  Protection of the rights of clients, including as regards investment activities.

Identification of compliance risk is performed by means of monitoring and analysis of:  Changes in legislation and statutory regulations;  Results of audits of regulatory and supervisory authorities, the Internal Audit Department, inspections and audit of the Bank and the relevant divisions of the Group members, divisions responsible for analysis and assessment of risks of the Bank and Group, and realized compliance risk;  New products and procedures, current transactions and processes, as well as changes thereto;  Applicable best practices in accordance with goals and objectives of the compliance.

Compliance risk may be assessed with the use of the following:  Quality assessment based on data of expert assessments following the results of: o Analysis of legislative and regulatory control mechanisms; o Analysis of the fields of activities of the Bank or Group; o Analysis of applicable methods and procedures of compliance risk management; o Analysis of activities of competitive market participants;  Quantitative evaluation of the financial and other consequences in the event of realization of compliance risk.

3.2.5.5 Regulatory Risk Regulatory risk shall mean the risk of the occurrence of negative financial and other consequences for the Bank and Group if a competent authority (person) exercises its right to develop a statutory regulation 34and there is a possibility of its adoption.

The main indicator specifying the risk level is the total number of legislative drafts regulating activities of the Bank and Group members being developed and submitted to the State Duma and bearing regulatory risk.

34 A statutory regulation shall mean a federal constitutional law, federal law, by-law.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. At this stage of creating a system for regulatory risk management, the decision on the level of regulatory risk shall be taken based on the legislative draft priority. Priority Priority justification Support proposal very affects the Bank's business, procedures, and implies Active participation, cooperation with the highly severe negative consequences Competent Authority, preparation of high materials to support the Bank's interests, severity of regulatory risk – extremely high report to the Bank Management high affects the Bank's business, procedures, but does not Active participation, cooperation with the imply highly severe negative consequences Committee, preparation of materials to support the Bank's interests as required severity of regulatory risk – moderate and high moderate does not affect the Bank's business and processes, but Monitoring of passage and control of there is a significant possibility that they will potentially introduced changes, responding to the affect/are affecting the Bank's business and processes, unacceptable amendments, affecting the but the consequences are insignificant Bank's obligations to submit requests to business units severity of regulatory risk – low and moderate low does not affect the Bank's business and procedures, but Monitoring of passage and control of affects the legal environment the Bank operates in. introduced changes, responding in the (for event of unacceptable amendments affecting the Bank's obligations (passive information) observation)

3.2.5.6 Risk of loss of goodwill Risk of loss of goodwill – the risk arising as a result of negative perception of the Bank on the part of customer, counterparties, shareholders, investors, lenders, market analysts, and supervisory authorities, which may adversely affect the Bank's ability to support existing and new business relationships, to maintain continuous access to financial resources, for example, on the interbank market. The system of management of this risk is under development.

3.2.5.7 Strategic and Business Risks Strategic risk is the risk of losses that may be suffered by the Group in the long term (over 1 year) as a result of errors (deficiencies) committed in making decisions that define the strategy of operations and development of the Group (strategic management) and represented by a failure to take into account or inadequate accounting of possible dangers that may threaten the Group's operations, incorrect or inadequately justified definition of prospective areas of activities in which the Group may gain competitive advantage over its rivals, missing or insufficient resources (financial, material and technical, human) and organizational measures (management decisions) intended to ensure achievement of the strategic operating goals of the Group. Business risk is defined as the risk of losses that may be incurred by the Group in the short term (up to 1 year) due to changes in the external environment (including changes in the Group's earning capacity, for example, because of a drop in sales or increased operating expenses). To manage strategic and business risks, the Group has built consistent processes of strategic and business planning and management of project activities, as well as a system for managing the performance of executives. 81

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. In the course of preparing the Group Development Strategy for 2014-2018, possible macroeconomic development scenarios were analyzed. Several scenarios of expected development of the Russian economy were made and triggers to switch between the scenarios were determined. The Strategy benchmarks are based on profound examination of the main social, economic and process trends in Russia and worldwide, the analysis of the attractiveness of individual business areas and the evaluation of the Group's level of development of its main systems and processes compared with the best world practices. On a regular basis the Group and Group members evaluate the results of the Development Strategy implementation and the attainment of the business plan target indicators. The analysis of deviations between actual and target indicators, the forecast of the strategy and business plan fulfillment subject to newly discovered circumstances are, among other things, the basis for decisions on adjusting the strategy or business plan, making it possible to reduce the potential adverse effect from strategic and business risks. In case of cardinal changes in the market environment, the Development Strategy may be adjusted and local changes in the Group's operating environment are taken into account in current business planning by prioritizing individual programs and areas of development. Sberbank Development Strategy for 2014-2018 is published on the Bank’s official website.

3.2.5.8 Model Risk

Assessment of the accepted risks level Model risk is the risk arising from uncertainties (errors) of results of models (including risk measurement models, models for assessing the value of securities and financial instruments, liquidity or ALM assessment models), including the risk of model parameters changing over the course of time. The purpose of evaluating the Model Risk level is to ensure compliance of all quantitative risk assessment models used by the Group with the approved requirements as regards quality, forecast accuracy and stability thereof. Risk Management Model risk management is set out in the following regulatory documents:  Model risk management policy;  Quantitative risk assessment management procedure;  Model validation methods (by risk and model types). Model risk management is performed by the following officials, subdivisions and committees. GRC:  considers the summarized results of model validation for the reporting period;  accepts the model risk in cases when the model owners and the validation department agree that the model cannot be improved but must be used. Risk Department Manager (CRO):  approves model validation reports (except for liquidity and ALM forecasting models);  approves model validation procedures;  submits results of model validation for the period to the GRC. Finance Department Manager (CFO):

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.  approves liquidity and ALM forecasting model validation reports;  agrees upon liquidity and ALM forecasting model validation procedures. CRO of Subsidiary Banks:  approves model validation reports within the scope of its responsibility;  reports to the GRC on the results of modeling and model validation. Validation Department:  develops model validation procedures;  performs planned and off-schedule model validation;  submits validation results to the GRC;  maintains and monitors the Group model library;  performs control over model revision. Internal Control, Inspections and Audit Department:  carries out planned and unscheduled inspections and assesses the extent of application and efficiency of model risk management procedures;  assesses the quality of managerial decisions of employees responsible for the liquidity status;  the Internal Control, Inspections and Audit Department shall report the identified violations regarding compliance with the requirements of this Policy to the Bank's management and divisions at fault. Divisions responsible for model risk management submit to the GRC meeting proposals to address the violations identified by the Internal Control, Inspections and Audit Department and improve the system for control over the compromised procedures. Arrangement of the model validation process The Group has established a procedure for validation of models used for model risk assessment. The purpose of validation is to assess the current efficiency of the model versus its expected performance, or assessment of model performance dynamics taking into account the requirements of Basel II standards. Model validation is carried out by the Validation Division of the Central Head Office of Sberbank of Russia based on the methodology defined by internal regulations. Model validation is a multistep process including information/data gathering stage, the model examination, validation sample preparation, comprehensive analysis of the model finalized by a report stating the model shortcomings identified and recommendations regarding possible solutions. There are two main types of model validation:  Initial validation is performed at the new model approval stage, before submitting the finished model for CRO approval.  Deep validation is detailed analysis of the model efficiency for a certain period of time. Deep validation of a model shall be performed not less than once a year. Validation shall be carried out as per the agreed validation plan for the current year. In addition, for the purposes of further monitoring of models an unscheduled validation of models may be carried out in accordance with decisions of collegial authorities. Technically, the process of model validation consists of a number of quantitative tests and qualitative analysis of the model and the conditions of its application. Qualitative tests represent the qualitative analysis of the model and are intended to assess the quality and reasonableness of the model choice in comparison to similar models. Quantitative tests are aimed at comparing the level of model performance recorded at the design stage with the current

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. efficiency at the stage of validation. Quantitative tests are carried out with the use of statistical methods recommended for model assessment by the Basel Committee on Banking Supervision. Each test may combine the descriptive part (an answer to the test question), calculation of one or more statistical indicators, graphical display of the test result to facilitate interpretation (graph or chart), as well as a "traffic light" with the corresponding color to visualize the test result. Evaluation of the model efficiency by each of the indicators shall be carried out based on a comparison of their expected values and actual values obtained at the data sampling for validation. For this purpose, trigger levels for each of the parameters shall be set to allow us to determine the acceptance/rejection areas for each test. In the event of unsatisfactory results, recommendations for elimination of the model shortcomings shall be formulated to improve the risk assessment quality. As of the end of H1 2014 the following model risk conditions were recorded:

No review is Critical comments, review is Type of risk Minor comments required required

Sberbank of Russia models

Retail risks 21 16 17 Corporate risks 4 7 8 Global risks 4 Domestic bank 60 16 Aggregated risks 1 2

Subsidiary models

Retail risks 27 24 1 Corporate risks 1 Aggregated risks 11

4 WAGE POLICY OF THE BANKING GROUP 4.1 Wage Policy The corporate wage policy was approved in 2013 as a formalized document combining the key principles previously supported through the use of the system of standards, regulations, procedures and other internal regulatory documents, and applies to all departments and branches of the Bank. The remuneration policy is aimed at maintaining the Bank's strategy through its focus on the strategic goals of development and by the use of tools for regular performance evaluation through a system of balanced performance indicators. The corporate wage policy is aimed at ensuring the efficient management of the general remuneration system, which is designed to attract, retain, motivate, promote the career and professional development of employees, whose qualifications and performance contribute to achieving the business and strategic objectives of the Bank.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. The wage structure includes fixed and variable components. The ratio of fixed and variable components in the total income structure varies depending on the position grade and specific functional duties of the employee, or job tasks of its division. Variable remuneration is associated with the result of achieving and over-achieving various key performance indicators: individual and group; financial and non-financial. The basic elements of the variable remuneration are quarterly bonuses and remuneration depending on the performance results for the year. Monthly bonuses for certain categories of positions are also provided. The wage policy in other Group members shall be generally developed in accordance with the above principles.

4.2 Risk-Based Remuneration System The Bank continuously develops and improves its performance management system with the use of key performance indicators at all management levels, particularly for employees whose work is directly related to risk management and risk taking. Targets and performance indicators of key employees responsible for risk management and compliance are associated with the development of a high-quality and modern risk management system, identifying and minimizing various types of risks and are evaluated regardless of short-term business results. The Bank strives to constantly develop and improve its risk management system. When developing and implementing a remuneration system, configuring the system of collective and individual goals and performance indicators by the Bank, special attention is paid to estimating and managing current and potential risks. Special attention is paid to credit risks, financial market operations risks, ALM risks, liquidity risks, compliance risks, etc. Evaluation of these risk indicators and objectives as to prevent and minimize the negative effects are part of a complex system for evaluation of key personnel responsible for management of dedicated risk groups. Variable remuneration funds are being created based on the Bank's performance (or that of its divisions and branches), which is considered in the context of the level of exposure. This being the case, the existing internal regulations on bonus payments provide for a connection between the remuneration and the performance achieved, including the option of reducing premium funds in the event of failure at the level of the Bank/division to meet the established targets. An additional element to account for possible risk in bonus payments is a system, applied in business units, of partial payment of the annual remuneration for possible adjustment of the amount if the actual performance differs from targets. Regular monitoring of target achievement and a system of periodical assessment based on measurable results allows a more objective estimation and forecasting of targets and reduces the risk of not achieving them upon year-end results. Currently a system of long-term remuneration of executives and employees of the Bank taking risks is being implemented. This system provides for payment of variable remuneration deferred for up to 3 years. This being the case, the deferred bonus payments may be reduced or waived in the event of negative financial performance of the Bank as a whole or for a certain business line. Adjustment of the deferred part of variable remuneration shall be based on the risks accepted by the Bank, its divisions and employees. Once this system is tested in the Bank, it would be possible to spread it to other Group members as well.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. APPENDIX 1. LIST OF GROUP MEMBERS ACCOUNTED FOR IN MANAGEMENT COMPANY STATEMENTS

Full name of the legal entity - Group member, in whose statements annual returns of the No. Full name of the legal entity - Group member banking (consolidated) group member mentioned in column 2 are accounted for 1 2 4 1 SBGB CYPRUS LIMITED SB International S.a.r.l. 2 Troika Dialog Group Limited SB International S.a.r.l. 3 Sberbank CIB USA, Inc. SB International S.a.r.l. 4 Sberbank CIB (UK) Limited SB International S.a.r.l. 5 T.D. E.S.O.P. Holdings Limited SB International S.a.r.l. 6 SA&PM (Cyprus) Limited SB International S.a.r.l. 7 Bloominvest Holdings Limited SB International S.a.r.l. 8 SBTVF Limited SB International S.a.r.l. 9 Polenica Investments Limited SB International S.a.r.l. 10 Nikitas Brokerage Limited SB International S.a.r.l. 11 Roinco Enterprises Limited SB International S.a.r.l. 12 SIB (CYPRUS) LIMITED SB International S.a.r.l. 13 TD Consult (Bermuda) Limited SB International S.a.r.l. 14 Mainframe Investments Limited SB International S.a.r.l. 15 Troika General Partner Limited SB International S.a.r.l. 16 Troika Capital Partners Limited (Bermuda Islands) SB International S.a.r.l. 17 Troika Capital Partners Limited (Republic of Cyprus) SB International S.a.r.l. 18 TD KUA Holdings Limited (Republic of Cyprus) SB International S.a.r.l. 19 TD KUA Holdings Limited (Bermuda Islands) SB International S.a.r.l. Troika Dialog Ukraine Pension Fund Asset Management / 20 SB International S.a.r.l. Administration Limited Liability Company 21 Silver Standard Operations Limited SB International S.a.r.l. 22 Rocket (Bermuda) Limited SB International S.a.r.l. 23 TDAM (Bermuda) Limited SB International S.a.r.l. 24 TDAM Private Equity (Bermuda) Limited SB International S.a.r.l. 25 Troika Dialog Investments Limited SB International S.a.r.l. 26 Troika Dialog Avto Holdings Limited SB International S.a.r.l. 27 Verner Holdings Limited SB International S.a.r.l. 28 Sberbank CIB Closed Joint-Stock Company SB International S.a.r.l. Sberbank Asset Management Closed Joint-Stock 29 SB International S.a.r.l. Company 30 SIB Finance Adviser Closed Joint-Stock Company SB International S.a.r.l. 31 SIB Finance Adviser Closed Joint-Stock Company SB International S.a.r.l. SBVC Management Company Closed Joint-Stock 32 SB International S.a.r.l. Company 33 Bogatyrskaya Troika Limited Liability Company SB International S.a.r.l. 34 Russian Folk Tale Bogatyrs Limited Liability Company SB International S.a.r.l. 35 3D Closed Joint-Stock Company SB International S.a.r.l. 36 TD Soft Limited Liability Company SB International S.a.r.l. 37 Sberbank AM UCITS Fund SB International S.a.r.l. 38 SIB Finance Limited Liability Company SB International S.a.r.l. 39 Rising Star Stichting Administratikantoor SB International S.a.r.l. 86

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. Full name of the legal entity - Group member, in whose statements annual returns of the No. Full name of the legal entity - Group member banking (consolidated) group member mentioned in column 2 are accounted for Pension Accruals Management Company Limited Liability 40 SB International S.a.r.l. Company 41 Sberbank BH d.d. Sarajevo Sberbank Europe AG 42 "Sberbank" A.D. Banja Luka Sberbank Europe AG 43 Sberbank d.d. Sberbank Europe AG 44 Sberbank Srbija a.d. Beograd Sberbank Europe AG 45 PJSC "VS Bank" Sberbank Europe AG 46 Sberbank banka d.d. Sberbank Europe AG 47 Sberbank CZ, a.s. Sberbank Europe AG 48 Sberbank Slovensko, a.s. Sberbank Europe AG 49 Sberbank Hungrary Ltd Sberbank Europe AG 50 BEVO-Holding GmbH Sberbank Europe AG 51 PRIVATINVEST d.o.o. Sberbank Europe AG V-Dat Informatikai Szolgaltato es Kereskedlmi Korlatolt 52 Sberbank Europe AG Felelossegu Tarsasag Uj "Garai ter" Ingatlanforgalmazo es Ingatlanhasznosito 53 Sberbank Europe AG Korlatolt Felelossegu Tarsasag Egressy 2010 Ingatlanforgalmazo Korlatolt Felelossegu 54 Sberbank Europe AG Tarsasag 55 Sberbank Nekretnine d.o.o. Sberbank Europe AG Garay Center Ingatlanforgalmazo es Ingatlanhasznosito 56 Sberbank Europe AG Korlatolt Felelossegu Tarsasag 57 "SUPER KARTICA" d.o.o. Beograd Sberbank Europe AG 58 Deniz Finansal Kiralama Anonim Şirketi DENIZBANK ANONIM SIRKETI 59 Deniz Faktoring Anonim Şirketi DENIZBANK ANONIM SIRKETI 60 Deniz Yatırım Menkul Kıymetler Anonim Şirketi DENIZBANK ANONIM SIRKETI 61 İntertech Bilgi işlem ve Pazarlama Ticaret A.Ş. DENIZBANK ANONIM SIRKETI 62 Ekspres Yatırım Menkul Değerler A.Ş. DENIZBANK ANONIM SIRKETI 63 Deniz Portföy Yönetimi A.Ş. DENIZBANK ANONIM SIRKETI 64 Denizbank Kültür Sanat Yayıncılık Ticaret ve Sanayi A.Ş. DENIZBANK ANONIM SIRKETI 65 DENIZ GAYRIMENKUL YATIRIM ORTAKLIGI A.S. DENIZBANK ANONIM SIRKETI 66 Euro Deniz International Banking Unit Limited DENIZBANK ANONIM SIRKETI 67 Denizbank AG (WIEN) DENIZBANK ANONIM SIRKETI 68 Denizbank Moscow Closed Joint-Stock Company DENIZBANK ANONIM SIRKETI 69 Pupa Gayrimenkul Kiralama ve Yönetim Hizmetleri A.Ş. DENIZBANK ANONIM SIRKETI 70 Deniz Kartlı Ödeme Sistemleri A.Ş. DENIZBANK ANONIM SIRKETI Açık Deniz Radyo ve Televizyon İletişim Yayıncılık 71 DENIZBANK ANONIM SIRKETI Ticaret ve Sanayi A.Ş. Bantaş Nakit ve Kıymetli Mal Taşıma ve Güvenlik 72 DENIZBANK ANONIM SIRKETI Hizmetleri A.Ş. 73 DENIZ VARLIK YONETIM ANONIM SIRKETI DENIZBANK ANONIM SIRKETI 74 DENIZ IMMOBILIEN SERVICE GmbH DENIZBANK ANONIM SIRKETI BPS-Sberbank Open Joint-Stock 75 Narochanskaya Niva 2004 Limited Liability Company Company BPS-Sberbank Open Joint-Stock 76 BPS Leasing Closed Joint-Stock Company Company BPS-Sberbank Open Joint-Stock 77 TASK Closed Joint-Stock Insurance Company Company 78 SB Global Closed Joint-Stock Company BPS-Sberbank Open Joint-Stock 87

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.

APPENDIX 2. LIST OF GROUP MEMBERS, WHO ARE INSIGNIFICANT ACCORDING TO THE GROUP'S ACCOUNTING POLICY

No. Full name of the legal entity - Group member 1 SB Luxembourg S.a.r.l. 2 SB LEASING IRELAND LIMITED 3 SB Securities S.A. 4 SB Invest Limited Liability Company 5 Savings Capital Limited Liability Company 6 Sberbank Leasing Nord Closed Joint-Stock Company 7 Southern Automotive Group Limited Liability Company 8 Soda Chlorate Limited Liability Company 9 SBERBANK INVESTMENTS LIMITED 10 SBK Limited Liability Company 11 ARZIL Open Joint-Stock Company 12 Sberbank Technologies Closed Joint-Stock Company 13 SBI Voskhod Capital SICAV-SIF 14 SBK Invest Limited Liability Company 15 Solid-Cast Systems Limited Liability Company 16 IKS Closed Joint Stock Company 17 Sberbank Insurance Company Ltd. 18 YuzhStal Limited Liability Company 19 SBK Dubinino Limited Liability Company 20 Universal Electronic Card Open Joint-Stock Company 21 Saturn-A Closed Joint-Stock Company 22 DUBININO Agro-Industrial Complex Open Joint-Stock Company 23 SBK Metal Limited Liability Company 24 RUST Closed Joint-Stock Company 25 Galaxy-M Closed Joint-Stock Company 26 Grand Baikal Limited Liability Company 27 AMGM S.a.r.l. 28 STATUS Registration Society Closed Joint Stock Company 29 Gros Limited Liability Company 30 Strategy Partners Group Closed Joint-Stock Company 31 Avicenna-Sochi Limited Liability Company 32 Premium Spirits Limited Liability Company 33 GARANT-SV Limited Liability Company 34 Ust-Labinsk Meat Processing Plant Limited Liability Company 35 Loyalty Programs Center Closed Joint-Stock Company 36 PG MAIR INVEST Open Joint-Stock Company 37 United Credit Bureau Closed Joint-Stock Company 38 Moscow City Golf Club Limited Liability Company 39 Sberbank Leasing Kazakhstan Limited Liability Company 40 EuroStroyProject Limited Liability Company 41 Sberbank Special Depository Limited Liability Company 42 Prospekt Ogni Limited Liability Company 43 KORUS Consulting CIS Limited Liability Company 44 Gora Sobolinaya Baikal Ski Resort Limited Liability Company 45 Social Guarantees Open Joint-Stock Company 46 Georgievsk Reinforcement Plant Limited Liability Company 47 Modern Technologies Limited Liability Company 89

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. No. Full name of the legal entity - Group member 48 Delovaya Sreda Closed Joint-Stock Company 49 Yasen-K Limited Liability Company 50 SBERBANK LEASING UKRAINE Limited Liability Company 51 Holding-A Limited Liability Company 52 Kraftum-RUS Limited Liability Company 53 Sberenergodevelopment Limited Liability Company 54 Regional Cash Management Center Open Joint-Stock Company 55 Zagorsky Paint Plant Limited Liability Company 56 Sberklyuch Limited Liability Company 57 Hermes Closed Joint-Stock Company 58 Voskhod Capital S.a.r.l. 59 Rusvtormet-Center Closed Joint-Stock Company 60 Sulin Metallurgical Company Limited Liability Company 61 SVK Invest Limited Liability Company 62 Strategy Partners Kazakhstan Limited Liability Partnership 63 Apsheronsk-Lagonaki Open Joint-Stock Company 64 KORUS Distribution Limited Liability Company 65 ARZIL Vtormet Limited Liability Company 66 SB Leasing Cyprus Limited 67 GLANBURY INVESTMENTS LTD 68 Portopunkt-Adler Limited Liability Company 69 Krasnaya Polyana Hotel Management Limited Liability Company 70 DERWAYS AUTO Limited Liability Company 71 Russian Hills Limited Liability Company 72 Nitol Solar Limited 73 SBK Retail Limited Liability Company 74 Construction Consulting Limited Liability Company 75 ActiveBusinessCollection Limited Liability Company 76 Karolyi Ingatlan 2011 Korlatolt Felelossegu Tarsasag 77 ALB EDV-Service GmbH 78 TEAM DUNAHAZ Kft. 79 ALPHA Plus, s.r.o. 80 BAMCARD d.o.o. Sarajevo 81 PS Yandex Money Limited Liability Company 82 Non-Bank Credit Organization Yandex Money Limited Liability Company 83 Sberbank Service Limited Liability Company 84 United Processing and Billing Center of Oryol Region Open Joint-Stock Company 85 Regional Unified Information and Settlement Center, open joint-stock company 86 Unified Information and Settlement Center for Kaluga Region, Open Joint-Stock Company 87 AUTOMATED TRADING SYSTEM - UKRAINE Limited Liability Company 88 SBK-Auto Limited Liability Company 89 SBK Yugra Limited Liability Company 90 SBK Uran Limited Liability Company 91 SB Capital S.A. 92 Universal Electronic Card Non-Bank Credit Organization Limited Liability Company 93 SBK PROJECT Limited Liability Company 94 SBK AGRO-INVEST Limited Liability Company 95 SBK STEKLO Limited Liability Company 96 SBK AKTIV Limited Liability Company 97 SBK GEOFIZIKA Limited Liability Company 98 TRANSPORT AMD-2 LIMITED 99 Sherigo Resources Limited 100 Derways Motor Limited Liability Company 90

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. No. Full name of the legal entity - Group member 101 MST PROJECT Limited Liability Company 102 PARAMOUNT GOLD MINING Closed Joint-stock Company 103 LERNAIN ARSTUTYUN Limited Liability Company 104 Panclub Enterprises Limited 105 AWAMAR HOLDINGS LIMITED 106 Universal Electronic Card - Irkutsk Region Open Joint-Stock Company 107 Sberbank General Insurance Company Limited Liability Company 108 Sberbank Insurance Broker Limited Liability Company 109 Cypress 2 Limited Liability Company

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.

LIST OF REGULATORY DOCUMENTS

1. Regulations of the Bank of Russia "On procedure of creating provisions for possible losses on loans, loan debt and its equivalents by credit institutions", No. 254-P, dated March 26, 2004. 2. Bank of Russia Directive No. 3080 issued on October 25, 2013 "On Forms, Procedure and Terms of Disclosure by Parent Banks of Banking Groups of Information on Incurred Risks and Procedures for the Risks and Capital Management Assessment ". 3. Directive No. 3090-U of the Bank of Russia "On calculation of the value of equity (capital), on mandatory regulations and values (limits) of open currency positions of banking groups", dated October 25, 2013. 4. Directive of the Bank of Russia "On the list, forms and procedures for preparing and submitting reporting forms by credit institutions to the Central Bank of the Russian Federation", No. 2332-U, dated November 12, 2009. 5. Regulations of the Bank of Russia "On methods of determining the value of equity (capital) of credit institutions and assessment of its adequacy", No. 395-P, dated December 28, 2012 ("Basel III"). 6. Instruction of the Bank of Russia "On mandatory statutory ratios of banks", No. 139-I, dated December 3, 2012 (Registered with the Ministry of Justice of Russia on December 13, 2012 under No. 26104). 7. Regulations of the Bank of Russia "Regulations on the procedure of marketing risk calculation by credit institutions", No. 387-P, dated September 28, 2012. 8. Regulations of the Bank of Russia "On the procedure of operation risk calculation", No. 346-P, dated November 3, 2009. 9. "International Convergence of Capital Measurement and Capital Standards: A Revised Framework. Comprehensive Version" (Basel II), June 2006. 10. “Basel III: A global regulatory framework for more resilient banks and banking systems” (a revised version was published in June 2011). 11. “Basel III: International framework for liquidity risk measurement, standards and monitoring.”

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.

LIST OF TERMS

English-language terms

Term Definition

A model of evaluation of the economic capital for the Bank's transaction AMA model risk, developed in accordance with the advanced approach to capital evaluation (using mathematical models).

Non-performing loans Total amount of debts on credits in arrears on the principal and/or interest, 90+ (NPL 90+) as of the reporting date exceeding 90 days.

Russian-language abbreviations

Term Definition

Risk Weighted Assets Sum of the Group's balance and off-balance assets, weighted using the (RWA) ratio varying depending on the risk level typical for such asset category.

Process of risk assessment for an individual transaction/operation under a Underwriting standard risk-assessment technology.

A system of indicators determining the total maximum risk level (possible losses) of the Group that the Bank is ready to accept in the course of value creation, achievement of established objectives, including the target rate of return, implementation of strategic initiatives and completion of its primary mission. The maximum risk level is considered such maximum value of the risk level, where standards established by internal documents are fulfilled, and there is no need to take measures aimed at reduction of Risk Appetite the risk level.

Document of the Basel Committee on Banking Supervision "International Convergence of Capital Measurement and Capital Standards: A Revised Basel II Framework - Comprehensive Version", June 2006.

Documents of the Basel Committee on Banking Supervision “Basel III: A global regulatory framework for more resilient banks and banking systems” (a revised version was published in June 2011) and “Basel III: International framework for liquidity risk measurement, standards and Basel III monitoring.”.

Value of capital required by the Bank to cover prospective unexpected losses as a result of realization of the Bank's risks within the pre- determined time horizon with the established confidence coefficient Economic capital acceptable for the Bank.

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. LIST OF ABBREVIATIONS

English-language abbreviation

Acronym Definition

AFS Portfolio of securities available for sale

CIB The Bank's Corporate & Investment Business Unit

CF credit factory

CPM Credit portfolio model

ALM risk Interest rate and currency risks in the banking book

CRO of the Bank (CRO of Deputy Chairman of the Bank's Executive Board, supervising the Risks Department the Group)

LGD Loss Given Default

EAD Exposure at default

EL Expected loss

NCF Decentralized lending technology

NPL Non-performing loans

PD Probability of default

RWA Risk weighted assets

SNL Single Name Limit

VaR Value-at-risk

Russian-language abbreviations

Acronym Definition

RA Risk Appetite

Bank Sberbank of Russia

DRG Dedicated risk group

IRD Internal regulatory document of Sberbank of Russia

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.

Acronym Definition

ICAAP Internal capital-adequacy assessment procedures

ISU Internal structural unit of Sberbank of Russia

Group Sberbank of Russia Banking Group

GRB Group of related borrowers

SBHQ Sberbank of Russia Headquarters

DRMC Department of Risks Methodology and Control

AFR Available financial resources

IRM Integrated risk management

Structural subdivisions of the Bank, responsible for the Group's risks analysis and IRM of the assessment on a consolidated basis, with regard to interdependence of various types of Group risks

IRM of Group Structural subdivisions of the Group members exclusive of the Bank, responsible for members supporting the integrated risk-management process at the level of a Group member

Credit and Investment Committee of Sberbank of Russia CIPC

GRC Group Risk Committee of Sberbank of Russia

TRC Trading Risks Committee of Sberbank of Russia

ALMC Assets and Liabilities Management Committee of Sberbank of Russia

IFRS International Financial Reporting Standards

OCP Open currency position

SBB Sberbank of Russia branch

FMT Financial market transactions

Executive Board Executive Board of Sberbank of Russia

DFI Derivative financial instruments

RAR Russian accounting rules

RB Regional bank structurally reporting to HQ

ICIAD Internal Control, Inspection and Audit Department

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014.

Acronym Definition

HO Head office of Sberbank of Russia

NII Net interest income

GMTC Global-market transactions center

EC Economic capital

FORECASTING COMMENTARY

This report contains forecasting statements. Also, it is probable that in future Sberbank of Russia or other parties acting on behalf of Sberbank of Russia might make other forecasting statements. Such statements can include the following information (including but not limited to) regarding Sberbank of Russia, the Group and individual Group members: their plans, objectives, future economic status or prospects, the prospective impact of certain circumstances on future economic status, and any other substantiation of these statements. The use of such terms as 'confidence', 'estimations', 'intentions' and 'plans' as well as other similar expressions is aimed at formulating forecasts but not exclusively using these means only. We do not intend to alter such forecasting statements, with the exception of conformance to legal requirements. By their nature, forecasting statements involve inherent risks and ambiguity (both specific and general) as well as the existing risk that predictions, forecasts, projects and other results described or implied in forecasting statements will not come into being. You are hereby warned that the impact of certain factors can cause results materially differing from those listed in our forecasting statements for plans, expectations, assessments and intentions. Such factors can include: • capability of maintaining required liquidity and having access to the capital market; fluctuation of market and interest rates and interest rate levels; • stability of the global economy and economies of individual countries where the Group carries out its operations, in particular, the risk of impaired economic recovery or an economic crisis in Russia and other countries; • direct and indirect impact of prolonged deterioration of condition of the private and commercial real-estate sector; • rating agencies' reducing ratings of sovereign bonds, structured credit products or other assets subject to the credit risk; • capability of reaching our strategic objectives, including efficiency improvement, risk reduction, cost reduction and more effective capital utilization; • our counterparties' capability of fulfilling their obligations to us;

Disclosure of information on assumed risks, procedures for their assessment, management of risks and capital of Sberbank of Russia Banking Group as of July 1, 2014. • impact of the effective (or modified) fiscal, monetary, trade or customs policy, as well as changes in currency exchange rates; • force-majeure political and social circumstances, including wars, civil unrest, and acts of terrorism; • capability of maintaining control over currency exchange, expropriation, nationalization or confiscation of assets in the Group's countries of presence; • operational factors, such as system failures, personnel errors or incorrect procedure implementation; • actions undertaken by regulatory authorities with respect to our business in one or several countries of presence of the Group; • consequences of the modification of laws, regulatory acts and accounting policies and practices; • competition in regions of presence of the Group; • capability of providing and retaining qualified personnel; • capability of expanding the market share and controlling expenses; • technological changes; • long period of development of our new products and services as well as their perception by and value for clients; • acquisitions, including capability of successful integration of the acquired business, as well as the sale of assets, including the option of selling non-core assets; • capability of fulfilling the prime-cost objective; successful risk management in the abovementioned areas. Sberbank of Russia warns that material factors are not limited to the above list. When assessing the adequacy of Sberbank of Russia's forecasting statements, you need to accurately account for the abovementioned factors, other ambiguities and possible events, as well as information listed in this report.