Risk map

The risk map is based on an annual risk identification procedure.

Financial risks
Risk Description Actions
Credit risk (incl. CCP risk and concentration risk) The risk of possible losses caused by failure of a Group’s counterparty to perform or properly perform its obligations to it.

The Group controls credit risk by employing the following procedures:

  • establishing single or group counterparty limits, subject to a comprehensive assessment of their financial position, the analysis of the macroeconomic environment they are operating in, the level of their information transparency, business reputation, as well as other financial and non-financial factors;
  • using an internal rating system providing a weighted assessment of the counterparty’s financial position, and the level of the credit risk assumed in its respect;
  • controlling the credit risk concentration in accordance with the current regulatory requirements;
  • establishing strict requirements for the types and quality of the acceptable collateral, including liquid securities, as well as cash in Russian rubles and in foreign currency.

In order to reduce the credit risk associated with the CCP’s operations, the Group has implemented a multi-level safeguard structure triggered upon a clearing member’s failure to perform or properly perform its obligations, in compliance with regulatory requirements and strict international standards.

Market risk Market risk may emerge from a defaulting clearing member’s need to close major positions / sell collateral, which in case of low market liquidity may adversely affect the price at which such position will be closed, or the collateral can be sold.

The market risk management upon investing idle cash is aimed primarily to improve the risk/profitability correlation, and to minimize any losses should any adverse events occur. With this view the Group:

  • diversifies its securities portfolio (by maturity, issuer’s industry profile);
  • sets up maximum expiration periods for investments in securities;
  • sets up maximum volumes of investment in securities (by the total volume, by types of investments, and issuers);
  • classifies debt obligations and securities by risk groups; establishes provisions for potential losses under securities should they be not marked to market.

The market risk emerging as part of trading or clearing operations, is primarily managed by:

  • identifying, monitoring, and timely reviewing risk parameters, taking into account regular stress test results;
  • establishing individual collateral rates taking into account concentration limits, profiles of the instruments traded at each of the markets, and possible volatility change scenarios;
  • back testing collateral rates and controlling collateral adequacy.

In managing the market risk emerging as part of trading or clearing operations, the Group:

  • devises mechanisms permitting to close positions of defaulting clearing members within two trading days ;
  • sets discounts for the assets accepted as collateral, with the view to covering possible changes in their values in the period from their most recent re-evaluation until the time of their sale;
  • sets concentration limits that define clearing member’s position volume, upon reaching which the underlying collateral is subject to heightened requirements;
  • evaluates clearing members’ collateral adequacy subject to market liquidity;
  • develops procedures for resolving a situation, when a terminated obligation of a clearing member is secured by property other than the subject of the underling obligation;
  • maintains a system of additional financial collateral meant to cover losses not secured by clearing member’s clearing or any other collateral.
Liquidity risk Risk of potential losses following an adverse change in the value of the instruments comprising the bank book, caused by changes in interest and/or yield rates.

The liquidity management system includes the following elements:

  • distribution of powers in managing liquidity;
  • specific liquidity management and control procedures;
  • information system to accumulate and review liquidity-related information;
  • a set of guidelines, performance indicators, and plans of initiatives designed to ensure efficient liquidity management and control;
  • internal management accounts underlying any decision adopted with respect to the liquidity efficient control and management.
Bank book interest risk Risk of potential losses following an adverse change in the value of the instruments comprising the bank book, caused by changes in interest and/or yield rates. In order to measure the impact of the interest risk over the fair value of financial instruments, the Group holds regular assessment of potential losses, which may be caused by negative change of the market terms. The risk management division regularly monitors the financials of the Group and its principal members, assesses the sensitivity of the market value of the investment portfolio and of the proceeds to the interest risk.
Non-financial risks
Risk Description Actions
Operational risk Risk of potential losses caused by inconsistency of internal operational procedures to the nature and scope of the business, and/or statutory requirements, their nonobservance by employees, lack of functionality, inadequacy of information, technological and other systems and/or their failure, as well as by external events.

The principal operational risk management (mitigation) methods include:

  • development of organizational structure, internal operational rules and regulations, distribution of powers, approval (negotiation) and reporting of undertaken operations, all of which will assist in avoiding (minimizing) the probability of operational risk factors;
  • development of control measures following the analysis of statistical data undertaken with the view to identifying typical operational risks on the basis of recurrent events;
  • monitoring compliance with the adopted rules and procedures;
  • technological automation of undertaken operations, and development of information protection systems;
  • insurance, including both traditional property and personal insurance (insuring buildings, other property against destruction, damage, loss caused by a natural disaster and other accidents, as well as by actions of third parties or employees ;
  • insuring employees against accidents and personal injuries), as well as insurance of specific professional risks, both on a comprehensive basis and against separate types of risks;
  • development of the system of business continuity measures to apply in the operational cycle, including emergency plans (business continuity and/or disaster recovery plans).
Continuity risk Risk of discontinued critical services.

With the view to ensuring normal operations in emergency situations:

  • the Group has put together a reserve complex including reserve office and firmware capabilities located at a safe distance from the principal office;
  • the Group has developed business continuity and disaster recovery plans (BCDR Plans) that define critical business processes, priority actions in an emergency situation, timing and volumes of recovery operations, and business processes to enjoy priority recovery, as well as mandatory steps to be taken after the emergency situation subsides.
Legal risk Risk of losses caused by breach of contractual obligations, litigations, criminal and administrative liability of Group members and/or their governing bodies acting in their official capacity.

Legal risk management procedures include:

  • regular monitoring of laws, and verification of internal procedures as to their compliance with actual regulations;
  • establishing quantitative and volume restrictions for claims, and controlling compliance with the established restrictions;
  • analyzing the legal basis for new products and services;
  • updating internal regulations with the view to avoiding fines.

Losses associated with legal risks shall be reflected in the operational risk database.

Custody risk Risk of loss of Group’s assets posted on it as collateral caused an action or omission of a counterparty responsible for safe custody and record-keeping of the asset.

The custody risk is estimated within the credit risk as the custody risk occurrence may cause the credit risk event; and the custody risk is managed as part of the operational risk which may be the trigger the custody risk event.

The custody risk management methods include:

  • evaluation of financial position of a third-party custodian;
  • the multi-level admission scheme for elevators and warehouses including accreditation and storage limits establishment processes;
  • verification of compliance with the established requirements for technical facilities and regular audits of assets in the depositories and vaults of precious metals;
  • insurance of commodities at stock;
  • verification of custodians; confirmation of qualitative and quantitative measures of a commodity by a surveyor upon storage and transfer of the commodity to a bailor;
  • monitoring of actual location of the asset;
  • monitoring of the asset’s availability by the time a claim is made.
Regulatory (compliance) risk Risk of losses caused by inconsistency of Group’s operations with the laws, its Charter, and internal regulations.

The regulatory risk is managed by the Internal Control Function, which takes the following steps to prevent losses caused by realization of the regulatory risk:

  • monitors the laws;
  • is in constant communication with regulatory authorities on matters of new regulations;
  • identifies regulatory risk in the existing and scheduled procedures;
  • analyses best practices in implementing internal control measures.
Reputational risk Risk of losses caused by a negative public opinion of the Group’s operational (technical) stability, quality of its services and its activities in general In order to avoid losses associated with the realization of the reputational risk, the Group continuously monitors media space for information about the Group and analyses its internal processes applying the impact assessment methodology to each identified event or factor. The primary source of the reputational risk is the realization of the operational risk, especially when such information becomes public. Thus, all actions taken to prevent and to mitigate the operational risk work simultaneously towards the reduction of the reputational risk.
Strategic risk Risk of expenses (losses) sustained by the market operator as a result of mistakes (defects) made in deciding on the operator’s business and development strategy.

Principal methods of strategic risk management include:

  • building up a process for strategic planning and management commensurate with the Exchange’s caliber and operations;
  • preventing any decisions, including strategic, to be taken by an inappropriate body from the hierarchic point of view;
  • exercising general control over the performance of the risk management system;
  • determining the process for major transactions, for development and implementation of prospective projects as part of the general concept of the Moscow Exchange Group’s development;
  • controlling the consistency of the risk management parameters with the Exchange’s current condition and its development strategy