Moscow Exchange Group has successfully established an integrated risk management system that complies with Russian regulatory requirements, as well as with leading international standards and best practices.
As a market operator, Moscow Exchange applies a transparent investor- and bidder-oriented information policy regarding its activities. This ensures that stakeholders can fully exercise their rights to reliable information. As per the information policy, the purpose of disclosing information about Moscow Exchange as an issuer of securities is to reach all stakeholders so that they can make balanced decisions on holding Moscow Exchange equity or performing other actions.
Moscow Exchange complies with the following principles of disclosure regarding its activities:
- regularity and promptness of reporting;
- availability for stakeholders, reliability and completeness of disclosures;
- neutrality, namely the avoidance of prioritizing certain groups of recipients over others;
- accountability for information disclosure.
Moscow Exchange does not evade disclosure of adverse information if such information is material for shareholders and other stakeholders.
Disclosure at the request of government agencies
Moscow Exchange Group is obliged under Russian law to disclose information on market participants (issuers and bidders) to competent government agencies, including law enforcement agencies, for the prevention or investigation of potentially unlawful activities.
Such disclosures may cover insider trading, market manipulation (Federal Law No. 224), and anti-money laundering (Federal Law No. 115).
Role of management bodies in risk management
ESG risk management is handled by the Supervisory Board and other management bodies, such as participants in the Group’s integrated risk management system. They perform monitoring and control procedures. The Supervisory Board of Moscow Exchange is responsible for establishing principles and approaches of the risk management system, including approving the risk management strategy, internal documents, and policies that stipulate actions to prevent the materialization of risks and minimize their consequences.
The Risk Management Committee of the Supervisory Board reviews risk management reports and develops recommendations for managing individual risk profiles, analyzes internal procedures and proposes measures for improving them, and monitors reports submitted.
Similar structures have been established within the Group’s companies, including the Risk Committee of NCC Supervisory Board and the Risk Committee of NSD Executive Board. Moscow Exchange has also created a separate business unit that is responsible for managing the risks of the market operator.
ESG risks and their potential impact on the Group’s operations are identified annually within the Group’s integrated risk management system. Risk acceptance and pre-approval of risk management issues are submitted for discussion at Supervisory Board meetings. The Executive Board is responsible for defining an acceptable level of risk.
The Group has been conducting regular training sessions for its employees to improve their risk identification skills. The sessions are part of the Risk Management System Development Strategy. Risk-management-related KPIs are included in the criteria used by management for assessing employee performance.
Key risk profile
Each of the Group’s companies faces different types of risk, depending on the specific nature of their activities.
As the parent company of the Group, Moscow Exchange faces risks associated with the organization of trading, as well as with transactions involving its own assets.
NSD, as a core element of Russia’s financial market infrastructure, faces risks in its depository activities. The key risk bearer in the Group is NCC, which acts as a clearing house and central counterparty for all major markets of the Group, and as a commodity delivery facility for the commodities market.
The Group’s financial and non-financial risk map is updated annually following the results of the risk identification procedure.
Internal audit and internal control
Moscow Exchange’s risk management system is based on the COSO principles and structured on the ‘three lines of defense’ model, which stipulates that risk management and internal control responsibilities be distributed among management bodies, business units responsible for control and coordination, and the internal audit function. The Group continues to improve its internal control system to maintain a high level of performance.
COSO Internal Control System
|Line of defense
|Identifying, assessing and managing risks, and developing and implementing policies and procedures governing business processes|All business function staff and employees of the operating units of Moscow Exchange|
|Ongoing risk monitoring and risk management by units as part of their functions. Infrastructure resilience issues include: Information security; Compliance with legislation and internal documents; Prevention of corruption and unlawful and fraudulent activities; Prevention of improper use of inside information and/or market manipulation; Prevention of conflicts of interest|Operational Risk, Informational Security, and Business Continuity Department; Internal Control and Compliance Department; Internal Control Service; Security Department; Legal Department; Designated employees and departments of the Finance Unit|
|Overseeing the efficiency of business activities, the management of assets and liabilities, and the effectiveness of the risk management system|Internal Audit Service; Management bodies of Moscow Exchange|
Compliance with international standards
The Group conducts an annual audit of its compliance with the CPMI-IOSCO Principles for Financial Market Infrastructures, the COSO Enterprise Risk Management Framework, and the Basel Committee on Banking Supervision risk management guidelines.
In 2020, NCC successfully underwent an operational audit by PwC (an international audit and consulting company) to check compliance with the requirements of the Central Bank of Russia. The audit covered the following components: management of risks of the central counterparty, assessment of the accuracy of the central counterparty model, stress-testing of risks of the central counterparty, determination of the allocated capital of the central counterparty, and recovery of financial stability of the central counterparty.
The operational audit is conducted every two years, and the most recent was conducted in March 2022.
NCC also undergoes a certification audit every three years in accordance with ISO 9001 Quality management systems (the most recent audit was conducted in 2019).
The Group’s companies have developed risk and capital management strategies. As part of its risk management strategy, Moscow Exchange Group reviews its risk appetite and risk tolerance annually in the context of the Group’s strategic objectives.
- Market operator-related risk management rules
- Financial platform operator-related risk management rules
- Declaration on Business Continuity
- Business Continuity Policy of Moscow Exchange
- Regulatory Risk Management Policy of Moscow Exchange
- Personal Data Processing Policy of Moscow Exchange
- Regulation on the Audit Committee
- Regulation on the Internal Audit Service
- Declaration on Information Security
- Policy on Information Security Management of Moscow Exchange
- Risk Management Committee of the Supervisory Board
- Risk Management Unit
- Internal Audit Service
- Internal Control Service