Internal control system
MOEX’s internal control system ensures that the Exchange’s licensed activities are conducted in accordance with Russian legislation and regulation, the rules of organised trading, and the Exchange’s own constituent and internal documents.
Internal control activities aim to identify, analyze, assess and monitor the risk of loss and/or other adverse consequences of both MOEX’s operational activities and measures taken by the Bank of Russia (“compliance risk”), and to manage any such risks.
Within this framework, the Exchange’s internal control system is based on the COSO concept and utilizes a Three Lines of Defense model, which distributes risk management and internal control obligations among MOEX’s governing bodies, control and coordination units, and the internal audit unit.
The First Line of Defense is represented by employees of the Exchange’s business and operational units of the Exchange, whose key functions are to identify, assess and manage the risks inherent in MOEX’s daily activities, and to develop and implement policies and procedures governing existing business processes.
The Second Line of defense is represented by the Operational Risk, Informational Security and Business Continuity Department, the Internal Control Service, and the Compliance Service, which carry out continuous risk monitoring and management of the following areas:
- ensuring information security, including protecting the Exchange’s interests in the information sphere;
- compliance with legislation, as well as the Exchange’s own constituent and internal documents;
- preventing the Exchange and its employees from being involved in unlawful and unethical activities, including money laundering and terrorism financing;
- preventing unlawful use of insider information and/or market manipulation;
- preventing conflicts of interests, including by identifying and monitoring conflicts of interests and preventing the consequences of conflicts of interests.
These units support the first line of defense in identifying compliance risks, developing and embedding control procedures, interpreting applicable legislation, and preparing reports for MOEX’s governing bodies based on the results of monitoring.
The Third Line of Defense is represented by the Internal Audit Service, which monitors the efficiency and productivity of the Exchange’s financial and economic activities, the efficiency of asset and liability management, including the safety of assets and the efficiency of the market operator’s risk management.
The Exchange’s governing bodies set the terms of reference for internal control systems related to risk management.
The Internal Control System was subject to an independent audit conducted by EY, which assessed the system maturity level as “developed”. The Group continues to enhance its internal control system to improve effectiveness and maintain the system at a high level. In addition, the Stabilization 3.0 project now underway aims to elaborate a development strategy for the compliance system in terms of best practice and establish a foundation for creating a unified compliance culture across Group companies.