How we manage risk

Risks are a normal part of doing business, but they can adversely and materially impact legal compliance, trading competitiveness, profitability and liquidity. To manage risks, the Management Board of X5, supported by the Executive Board and the Risk Management Team, is responsible for designing, implementing and operating an adequately functioning risk management system, which needs to be capable of identifying, assessing and monitoring the principal risks that may affect the Company’s objectives.

Risk management and internal control

Risk management

The Management Board of X5, supported by the Executive Board, continued in 2018 to pay special attention to strengthening the design and effectiveness of the risk management and internal control system:

  • Strengthen the design. Significant progress has been made in applying risk models to be able to better quantify risk. Efforts in this area will continue in 2019 to apply a cost-benefit analysis of risk mitigation activities in the financial budgeting and risk monitoring processes; and
  • Increase effectiveness. The reporting lines of the Compliance, Internal Control and Risk Assessment Teams were changed in 2018. In the revised structure, the Risk Assessment Team and Internal Control Team now report to the Chief Financial Officer, the Compliance Team reports to the General Counsel, and the Forensic Team reports to the Head of Corporate Security.

To constantly strengthen the risk management system:

  • a comprehensive review of both internal and external risks is carried out at least annually;
  • risk appetite is reviewed and reconfirmed;
  • annual quantitative risk impact assessments complement a qualitative risk appetite;
  • risks of X5’s strategic and short-term objectives are assessed;
  • risk-mitigating activities are put in place.

Management teams at all levels of the organisation are continuously engaged in identifying, managing and monitoring relevant risks. The Risk Assessment Team, supported by the Internal Control Team, facilitates a company-wide view of risk-relevant issues, helps develop risk management activities in both business and functional divisions and ensures that the Management Board is continuously and promptly informed of material risk and risk management developments.

During the annual strategy review and budgeting process, Company management reassesses Company risks and develops action plans to mitigate risks and allocate appropriate resources for risk mitigation. The results of risk mitigation actions are regularly monitored and reported on a quarterly basis to the Audit Committee. X5 is committed to mitigating its risks to within acceptable levels.

Risk appetite

Internal control

To ensure the effectiveness and completeness of the Company’s internal control system, X5 employs a three-tier model to establish and maintain control:

  1. The first tier of control requires each business unit to establish, operate and monitor the necessary controls for each of their specific business processes.
  2. The second tier of control oversees the development and improvement in first-tier controls as the business evolves. This work is co-ordinated by the Risk Assessment and Internal Control Teams across various central functions that design and develop changes to X5’s internal control system.
  3. The third tier of control is the Internal Audit function. The role of Internal Audit is to regularly assess, and recommend improvements to, the Company’s first and second control tiers. Internal Audit reports directly to the Management Board and has direct access to the Audit Committee.

Ethics and compliance culture

Values and business principles are crucial elements of the internal environment for risk management. X5 is committed to practices that contribute to a culture of integrity and long-term value creation. X5 has established and internally communicated rules and policies that outline these values and principles, including X5’s:

  • Code of Conduct and Ethics
  • Policy on Countering Misconduct, Including Fraud and Corruption
  • Declaration on Human Rights

 These policies are available on X5’s public website .

Monitoring and assurance

Internal Audit provides independent and objective assurance of the impact of X5’s control processes. Systematic and disciplined evaluations of risk management, internal controls and governance activities are performed, guided by X5’s Controls Heat Map, which assesses the latest recorded strength of each function or process’s controls. Following a risk-based audit planning approach, Internal Audit performs evaluations of operational, financial and information system controls on key business processes that reveal control issues. Internal Audit provides recommendations to improve controls to the executives responsible. Action plans that address control issues raised by Internal Audit are prepared by business process owners and approved by the director of the business area owning that control. The timely implementation of the action plans is monitored and followed up on a monthly basis, and the status of address ing these control issues is regularly reported and discussed with the CEO and the Audit Committee.

Internal Audit is periodically subject to independent and external evaluation to maintain and improve audit standards. In 2018, Internal Audit identified two areas for development:

  • a more agile approach to audit projects (allowing for a wider scope but shorter duration of audit projects);
  • enhanced auditing of controls in the area of IT, IT infrastructure and data security.

The Company’s principal risks

Risk profile

Group risk Risk appetite Influenced indicator Mitigation

Market and our customer value propositions (CVP)

If the customer value propositions of X5’s retail formats fail to meet customer needs and preferences, this can lead to low sales densities, slower revenue growth, lower profits and returns. The risk can be caused by:

  • Failure to promptly respond to changes in customer preferences or behaviour patterns and lifestyle
  • Failure to promptly respond to new business models, services and technologies used by competitors in retail and related markets
  • Failure to properly understand local consumption and regional economic potential
  • Over-investment in unproven retail formats and new business streams
Minimal to Cautious

Net Sales,

Gross Profit

  • Constantly monitor retail and consumer trends in Russia and internationally to spot changes in behaviours and needs
  • Regularly monitor trends in operating performance indicators and Net Promoter Scores
  • Continually invest in improving the format CVPs while at the same time improving operating cost-efficiencies
  • Revise the target CVP on an annual basis and embed business improvement plans into the heart of the annual operating plan reviewed by the Supervisory Board
  • Explore, test and roll out new retail technologies and expand range in emerging category areas
Our brands
Our strategy in action

Economic and market conditions

Major changes in the economic environment may challenge the existing business strategy, have a material impact on financial performance and lead to a competitive disadvantage. Such changes include:

  • A sharp drop in consumer demand (structural changes and shrinking consumer demand in money and absolute terms), depending on real income, consumer confidence and the unemployment level
  • Social and demographic developments
  • Excessively low or high product inflation
  • Unexpected decline in national or regional economic activity leading to suppressed growth, higher unemployment and lower personal incomes
  • Political events with a negative impact on trade practices or consumer demand
Cautious to Open Gross Profit
  • Rely on a multi-format model that enables the Company to respond to changes in customer demand and meet the needs of customers with various lifestyles and income levels (all groups of customers in Russia)
  • Monitor the economic environment, manage the product mix and pricing policy and identify geographies for further expansion based on local customer demand
  • Develop direct imports, partner with direct suppliers and develop private labels to drive expansion of the product mix and bring purchase prices down
  • Work to ensure the robust growth of retail formats in regions that demonstrate the strongest potential
Economic and consumer trends

Growth and expansion

The Company is committed to a sensible expansion strategy and the upkeep of existing stores.

The Company’s expansion is associated with the following risks:

  • Lack of cost-efficient locations for new openings
  • Higher costs of opening and refurbishment projects can erode return on investments
  • Lack of logistics capacity to support expansion can cause higher logistics costs and, consequently, lower margins
  • Suboptimal geographical plan for expansion and overly optimistic expectations for project economics in certain locations
  • Inefficient synergies from M&A deals to acquire local players
  • Reaching market share caps in certain trading regions
Cautious to Open Selling Space, Number of Stores, Net Sales
  • Have a valuation methodology in place for stores of each format
  • Ensure that investment and post-investment valuation is carried out
  • Project the Company’s future need for logistics capacities and open new distribution centres to keep pace with the rollout of new space in each format
  • Improve store opening and refurbishment processes and reduce bureaucracy and time delays
  • Optimise the performance of stores with negative margins
Geography of operations

The principal risks that may impede the achievement of X5’s objectives with respect to strategy, operations, compliance and reporting matters are described below. It should be noted that there are additional risks that management believes are less material or otherwise common to most companies.

Group risk Risk appetite Influenced indicator Mitigation

Retail operations

The operational efficiency of the logistics network, stores and back office units determine the operating performance of existing and new stores and the Company’s overall profit margins.

Operating activities are subject to the following risks:

  • Operational disruptions and delays in implementing the CVP
  • Lower productivity of the logistics network
  • Lower efficiency of inventory management at the DCs and stores (reduced availability of goods, increase in inventories and write-offs)
  • Lower productivity in stores resulting in either staff cost overspends or poor operating standards
  • Lower productivity in the back office resulting in higher operating costs or reduced service standards
Minimal to Cautious Gross Profit, Operation Cost
  • Ensure an optimal level of management on key business processes
  • Ongoing management of the product mix across the retail formats
  • Develop the logistics capability in line with expansion strategy and closely manage supply chains within the existing logistics network
  • Improve and automate processes in the back office, DCs and stores
  • Monitor the operating performance of stores and DCs based on defined KPIs and performance standards
  • Monitor the operations of national and regional competitors on an ongoing basis and ensure a prompt and appropriate response
Retail infrastructure

Human resources

The Company’s strategic goals are heavily dependent on the competencies and performance of its officers and employees.

Risks related to HR management include:

  • Poor recruitment and vetting leading to inappropriate staff for roles
  • Insufficient attention to employee welfare, training and rewards
  • Poor morale leading to high turnover rates, high rates of morbidity and low productivity
  • Shortage of qualified professionals and employees in key skill areas
  • Competitor demand for our top talent
  • Inadequate succession planning
Cautious to Open Operation Cost
  • Monitor the labour market and provide employee benefits in line with market norms
  • Invest in a professional recruitment process, use various employee recruitment and vetting tools to ensure the right candidates are chosen
  • Have a system for employee onboarding, training and development in place, along with a talent pool management process
  • Ensure rewards are kept in line with market norms through salary benchmarking and incentive schemes
  • Develop and reinforce the Company culture
  • Monitor staff morale through employee feedback processes
People review

IT performance, continuity

The Company’s operating model and scale of business depends on the capabilities and reliability of its IT systems. The inability to harness IT to improve productivity can limit expansion and decrease profitability.

IT management is subject to the following risks:

  • Failure to match IT capabilities, scalability and reliability in relation to business requirements
  • Disruptions of business continuity due to IT failures
Minimal to Cautious Revenue Operation Cost
  • Ensure the IT development roadmap is integrated within the overall business operating plan
  • Employ a mix of external and internal expertise to ensure an agile response to business opportunities
  • Ensure IT change projects are sponsored by business owners and professionally managed to keep within scope and budget
  • Ensure good governance of IT architecture and the integration of IT systems
  • Ensure sufficiently close monitoring and speedy fault rectification of IT infrastructure
  • Implement policies and procedures to ensure cybersecurity protection is maximised
Information technologies
Risks heat map
Group risk Risk appetite Influenced indicator Mitigation


The Company understands the rising trend of external threats to information security.

Cybersecurity risks include:

  • Cyberattacks, spread of viruses and other malicious actions to disrupt our operations
  • Attempts to steal or corrupt our data
  • Attempts to circumnavigate our control systems in order to cause fraud
Minimal to Cautious Revenue Operation Cost
  • Implement policies and procedures to protect our systems and data
  • Our Information Security department was set up to monitor and action issues related to cyber-risks
  • Use of specialised hardware and software to protect against malicious software, spam, external and internal cyberattacks, and data leaks
  • Use of information systems to detect atypical behaviours in the X5 network and alert trained personnel for action
Information technologies

Real estate, rent and maintenance

Maintaining our existing stores in a fit state of repair is an important factor in continuing to serve our customers well. Optimal service costs also affect the Company’s margins.

In pursuing these objectives, the following risks can arise:

  • High incidences of equipment failures and emergency repairs
  • Higher utility rates
  • Higher vacancy rates and a resulting decrease in revenues from subleased areas
  • Unplanned increases in lease rates or termination of lease agreements by the lessor in favour of another tenant
Minimal to Cautious Operation Cost
  • Have store refurbishment projects planned into our budgets
  • Invest in preventative maintenance programmes
  • Standardise and monitor the utility and technical maintenance of stores and automate store monitoring processes
  • Sign long-term lease agreements, specify rules for their termination, and manage rental rates and landlord relationships
  • Manage relations with lessors and sub-lessees

Financing risks

Financing risks are driven by both internal and external factors. They can have an adverse impact on X5’s liquidity, profitability and growth.

The most common financing risks include:

  • Significant volatility of foreign exchange rates
  • Volatility in country and sector economic fortunes and thus increases in interest rates and banking fees
  • Pricing and availability of new credit
Averse to Minimal See Financial Statements
  • Raise financing in Russian roubles, avoid FX-denominated agreements in operating activities
  • Restrict banking activity to a pool of partner banks whose stability has been assessed and verified
  • Ensure continuity of funding on the best available market terms, with a diverse credit portfolio of lending arrangements
  • Arrange funding ahead of requirements and maintain sufficient undrawn credit limits in banks
  • Monitor working capital and have internal policies on credit terms, stock levels and payment terms
  • Closely monitor the performance against budget and introduce changes needed to achieve financial targets in a timely manner
Financial review
Group risk Risk appetite Influenced indicator Mitigation

Reputation and social responsibility

As X5’s success depends to a significant extent on brand recognition, the brand names Pyaterochka, Perekrestok, Karusel and X5 and their associated reputations are key long-term assets of X5’s business.

As a market leader, X5 is fully aware of its social responsibility and is committed to managing social aspects involved in its operations, thus building a foundation for sustainable development. In terms of reputation and social responsibility, the following risks can arise:

  • Unethical conduct, unscrupulous practices by X5 management and employees in their relations with customers, counterparties, government authorities, non-profit associations, investors and other stakeholders
  • A mismatch between the Company’s social responsibility standards and the expectations of communities, market players and stakeholders based on X5’s role, scale of business and growth potential
  • Abuse by third parties using X5’s trademarks and brands
  • Misleading information about X5 in social and mass media that may damage the reputation of the Company and its retail formats
  • Leakage of critical (sensitive) information onto the Internet or to competitors
Averse to Minimal N/A
  • Use X5’s Code of Business Conduct and Ethics; X5’s Policy on Countering Misconduct, Including Fraud and Corruption; X5’s Charity Policy
  • Raise awareness, train employees and develop the corporate culture to make sure unethical behaviour is seen as unacceptable and that there is zero tolerance for any fraudulent activities
  • Use the X5 Retail Group Code of Interaction with Business Partners, review complaints filed by counterparties and engage the Conciliation Commission to look into any incidents that take place
  • Take disciplinary action in cases of unethical behaviour
  • Record, arrange and process reports received from the Company’s employees via the hotline
  • Use the Customer Service Standards and the hotline for customers, and work with reports and complaints
  • Engage in external and in-house social and charity projects
  • In emergencies, use dedicated channels of communication and rely on the Crisis Response Team to mitigate financial and non-financial damage to X5
  • Ensure accessibility for special-needs customers and employees
Community investment review


X5 is committed to preserving and protecting the environment and making sustainable use of natural resources.

Risks regarding environmental management include:

  • Reputational damage for being perceived as an environmentally uncaring organisation
  • Financial penalties imposed for non-compliance with environmental regulations
Averse to Minimal N/A
  • Implement energy-efficient technologies and equipment
  • Make wider use of paperless document flows
  • Set environmental expectations for contractors in their work for X5
  • Ensure our vehicles meet emission standards
  • Collect and dispose of waste appropriately, and promote recycling wherever possible
Environmental review

Humаn rights

While most human rights laws concern relationships between the state and individuals, non-state organisations also impact individuals’ human rights, and they have a responsibility to respect them.

In its operations, X5 addresses the following human rights violations:

  • Discrimination against employees, customers and representatives of the Company’s partners on the grounds of age, gender, sexual orientation, social status, nationality or ethnicity, cultural or political beliefs, etc.
  • Unethical employee behaviour in violation of human rights (e.g., forced or unpaid labour, workplace bullying, harassment, use of offensive language or humiliation)
  • X5’s involvement in human rights violations by third parties
Averse to Minimal N/A
  • X5’s Declaration on Human Rights (available on the Company’s website)
  • Use the X5 Code of Business Conduct and Ethics, provide training to employees and develop the corporate culture
  • Use the Internal Labour Rules and the Compensation and Benefits Policy and communicate them to employees
  • Receive complaints from the Company’s employees via the hotline and investigate and take necessary disciplinary actions
  • Improve the Company’s business processes to eliminate the root causes of complaints received through the hotline
  • Use the Customer Service Standards and the hotline for customers, and investigate and remedy complaints
  • Ensure accessibility for special-needs customers and employees
People review

Health and safety

The health and safety of our employees and customers is our primary responsibility. Injuries or fatalities would have a negative impact on the trust and loyalty of our customers and X5’s business reputation.

The Company addresses the following risks:

  • Accidents causing injuries, including fatal injuries, to employees or individuals at X5 facilities and in adjacent areas
  • Injuries to employees due to an unsafe and uncomfortable working environment
  • Failure to provide the necessary first aid on a timely basis
Averse to Minimal N/A
  • Provide a safe working environment (premises, equipment, uniforms) at the Company’s offices, DCs and stores, and carry out regular workplace assessments
  • Ensure compliance with employees’ working hours and holiday schedule (work and rest schedule)
  • Provide employees with life and health insurance programmes and seasonal vaccinations
  • Arrange regular medical examinations for employees and health screening assessments to confirm that they are fit to work
Occupational health and safety

Product safety and quality

Product safety and quality are important criteria for our customers. Products of poor quality and with little shelf life remaining can lead to high wastage and potentially damaged customer relationships.

This risk may be triggered by:

  • Selling products that fail to meet safety standards and representations about quality
  • Violations of operational process rules that may lead to spoilage and contamination
  • Accepting from suppliers products that fail to meet safety standards, representations about quality or that have insufficient shelf life
Averse to Minimal N/A
  • Audit suppliers by carrying out laboratory tests of product samples before adding the products to the assortment. Remove suppliers from our assortment who fail to meet our standards
  • Ensure inspection of incoming products at DCs and stores
  • Comply with all rules for product transportation, storage and sale
  • Comply with sanitation and personal-hygiene rules
  • Provide training for employees on quality assurance
  • Handle complaints and requests from customers and investigate root causes
Product safety and production quality

Legislation and litigation

X5’s activities are governed by a wide range of laws and regulations. By complying with these, the Company maintains its reputation and manages operating expenses. Unfavourable legislative developments may affect X5’s strategy and margins. Contractual terms that are unfavourable for X5, failure of counterparties to fulfil their obligations and court action against X5 due to contract violations may have a negative impact on the Company’s performance and reputation.

Risks related to legislation and protection of X5’s interests can include:

  • Non-compliance with applicable laws, including failure to change or adjust the Company’s activities on a timely basis in line with new developments
  • Unfavourable changes in retail laws (e.g., market share limitation, sales restrictions introduced for certain types of products) and obsolete requirements
  • Unfavourable changes in legislation that result in higher operating expenses for the Company
  • Risk of legal action against X5 initiated by regulators and counterparties
  • Counterparties taking advantage of laws and contractual provisions that fail to properly protect X5’s interests
  • Issues related to violations of data protection compliance
Averse to Minimal N/A
  • Interaction with government agencies as prescribed by applicable laws, participation in public organisations, representation of interests
  • Monitoring of draft laws, timely initiation of internal projects to alter and adjust X5’s activities to legislative developments
  • Implementation of X5’s Compliance Policy
  • Assessment of compliance risks, rollout and improvement of compliance procedures to integrate them into the Company’s processes, consistent efforts to identify violations and non-compliance with laws, and disciplinary action
  • Personnel training to ensure compliance with laws
  • Legal support, auditof contracts, development and use of contract templates

Fraud and corruption

Like many other industries, the retail sector is exposed to risks of fraud and corruption. The scale of X5’s activities and the diversity of its business operations can result in fraud risks and potential for corruption.

These risks include:

  • Theft, fraud, acts of corruption and abuse on the part of X5 employees
  • Hidden conflicts of interest
  • Fraud, commercial bribery and theft by third parties (customers, counterparties)
Averse to Minimal Operation Cost
  • Use the Code of Business Conduct and Ethics and X5’s Policy on Countering Misconduct, Including Fraud and Corruption
  • Promote among employers zero tolerance of abuse, and provide personnel training and information about our codes and policies
  • Implement segregation of duties of sensitive roles to reduce risk, and closely manage access rights to our systems
  • Conduct background checks on counterparties and employees
  • Identify abuses, fraud and theft by internal departments (Security, Audit, Finance and IT). Carry out internal checks, take disciplinary action, initiate administrative or criminal proceedings againstemployees, counterparties or customers
  • Record, arrange and process reports received from the Company’semployeesvia the hotline, from counterparties in the Conciliation Commission and from the Security Department
  • Require declaration of conflicts of interest for allemployees


Compliance with taxation regulations is often complex, open to differing interpretations and depends on the Company’s risk appetite.

Tax risks may be related to:

  • Unfavourable changes in tax calculation rules, introduction of new taxes and fees
  • Federal and regional authorities interpreting tax laws in a way that is adverse for X5
  • Developments in case law involving tax disputes
  • Attempts to challenge previous transactions and amounts of associated tax payments
Averse to Minimal See Financial Statements
  • Monitoring of taxation-related legislative initiatives and case law, changes to business processes
  • Tax planning with preliminary reviews and advisory sessions
  • Tax risk assessment before executing transactions and signing contracts
  • Tax budgeting, provisioning for tax risks
  • Tax control during transactions
Group risk Risk appetite Influenced indicator Mitigation

Reliability of financial reports

The reliability and completeness of financial reports is a critical element when it comes to maintaining the trust of shareholders and other stakeholders.

The integrity of financial reporting is exposed to the following risks:

  • Non-compliance with statutory requirements on financial reporting
  • Misrepresentation of management accounts and financial statements
  • Ambiguity of management accounts and financial statements
  • Disclosure levels not in line with shareholder, lender or market expectations
Averse to Minimal N/A
  • Annual audit by professional external auditors
  • Monitoring and prompt adoption of legislative initiatives regarding financial statements and changes in reporting methodologies
  • Management controls over the methodologies adopted and consistent application in preparing management reporting
  • Internal controls for the preparation of financial statements
  • Internal audit to assess the effectiveness of the internal controls used for the preparation of financial statements

Expected risk tendency

For the designated risk groups, X5 analysed the actual risk impact in 2018 and made predictions about the expected future impact, taking external conditions and trends into consideration.

Statement of the Management Board

The Management Board reviewed and analysed the strategic, operational, compliance and reporting risks to which the Company was exposed, as well as the effectiveness of the Company’s internal risk management and control systems over the course of 2018. The outcome of this review and analysis has been shared with the Audit Committee and the Supervisory Board and has been discussed with X5’s external auditors.

The Management Board reviewed the effectiveness of X5’s internal risk management and control systems based on:

  • internal audit reports on reviews performed throughout the year; observations and measures to address issues were discussed with management and the Audit Committee;
  • a systematic review of scoping, control execution and control assessments in the context of an internal control strategy for 2017-2020;
  • periodic risk reports reported by the management of corporate functions and the three main business segments (retail formats);
  • ongoing monitoring of key risk management initiatives aimed at mitigating risks and keeping risks at an acceptable level;
  • the external auditor’s ongoing reflections on the control framework, and the management letter from the external auditor with observations and remarks regarding internal controls.

For more information on X5’s risk management activities, internal control, risk management systems and key risks, see the section “How we manage risk” above. The purpose of X5’s internal risk management and control systems is to adequately and effectively manage the significant risks to which the Company is exposed. Such systems can never provide absolute assurance as to the realisation of operational and strategic business objectives, nor can they prevent all misstatements, inaccuracies, errors, fraud and non-compliance with legislation, rules and regulations. These systems do not provide certainty that the Company will achieve its objectives. Based on the annual evaluation and discussion of X5’s internal control and risk management systems and identified risk factors, the Management Board confirms that, according to the current state of affairs and to the best of its knowledge:

  • X5’s internal risk management and control systems provide reasonable assurance that the Company’s financial reporting does not contain any material inaccuracies;
  • there have been no material failings in the effectiveness of X5’s internal risk management and control systems;
  • there are no material risks or uncertainties that could reasonably be expected to have a material adverse effect on the continuity of X5’s operations in the coming 12 months;
  • based on the current state of affairs, it is appropriate that the financial reporting is prepared on a going concern basis (notes 30 (c) and 32 to the consolidated financial statements).

In view of all of the above, the Management Board confirms that, to the best of its knowledge, the financial statements give a true and fair view of the assets, liabilities, financial position and profit or loss of the Company and its consolidated subsidiaries, and the management report includes a fair review of the position on the balance sheet date and of the development and performance of the business during the financial year together with a description of the principal risks and uncertainties that the Company faces.

The Management Board 19 March 2019