System for managing risks to the current strategy

The principles and approaches employed by the Group in installing and operating the risk management system (RMS) are based on best international practices implemented in compliance with national and international risk and capital management standards. The Group holds an annual audit of its compliance with the CPMI-IOSCO Principles for Financial Market Infrastructures, the COSO Enterprise Risk Management Framework, and the guidelines of the Basel Committee on Banking Supervision on procedures to be employed by credit institutions in the sphere of risk and capital management. In 2019, the CCP NCC, the principal risk taker of the Group, retained its DNV Business Assurance Management System Certificate ISO 9001:2015, an international standard denoting best global practice in the field of business and quality management. The Bank was audited by Det Norske Veritas and Germanischer Lloyd (DNV GL), an international certification company. DNV GL’s standards establish clear requirements for management of business processes to serve as the basis for a predictable and stable level of quality of products and services.

In 2019, NCC’s initial and variation margin assessment model successfully underwent validation. The model was validated by multinational professional services firm PwC in line with the Bank of Russia’s Regulation No. 658-P On the Requirements for a Qualified Central Counterparty, the Procedure for Recognition of Central Counterparty Management Quality as Satisfactory; on the Grounds and the Decision-Making Procedure for Recognition of Central Counterparty Management Quality as Unsatisfactory; on the Procedure for Informing the Central Counterparty of the Decision dated 1 November 2018. In its report submitted following the validation process, PwC assigned NCC with high risk protection rating.

In 2019, the Exchange was reaffirmed under the ISO 27001:2013 (Information Security Management Systems) and ISO 22301:2012 (Business Continuity Management Systems) certification covering the organization of on-exchange trading, clearing and other services on the Equity and Bond, Derivatives, FX and Money Markets. This certification ensures that the Exchange and NCC fully meet over 100 technical and administrative requirements in the area of information security and business continuity.

The integration of risk management functionality in business processes makes it possible to identify risks and assess their materiality in a timely manner, and to ensure an efficient response by mitigating potential adverse effects and/or by reducing the probability that they will materialize. Tools for mitigation include insurance, hedging, limit requirements and transaction collateral requirements.

The Group’s Risk Management System operates on the principles of comprehensive coverage, continuity, transparency, independent assessment, paper trail, prudence and materiality:

Comprehensive Coverage is premised on identifying risk factors and risk objects, determining risk appetite based on a comprehensive analysis of existing and proposed business processes (products), implementing universal RMS working procedures and elements, consistently applying methodological approaches in resolving similar risk assessment and risk management tasks, and assessing and managing key operational risks in close connection with the non-key operational RMS.

Continuity is premised on regular, coherent, target-driven procedures, such as assessment of existing risks, including monitoring risk parameters, review of key RMS parameters and how they are determined, including limits and other restrictions in respect of clearing members’ transactions, analyzing RMS technologies and operational rules, holding stress tests and preparing reports for management.

Transparency is manifested in providing relevant information regarding the RMS to clearing members / counterparties. Clearing members, including potential members, have access to methodological documents describing the RMS, including approaches to risk assessment, as well as to key aspects of the procedures employed in monitoring their financial stability. At the same time, the assessment results of a specific clearing member or counterparty, as represented in the form of internal ratings, or limits, as well as other restrictions established in respect of treasury or administrative operations, are never made public and are never subject to disclosure.

Independent Assessment means that a comprehensive assessment and review of each risk is undertaken by separate divisions / employees who are independent from the divisions responsible for taking on risks or counterparties. These divisions / employees cannot be charged with any responsibilities that may give rise to a conflict of interest.

Paper Trail means that RMS guidelines, procedures and rules are negotiated with the divisions involved in risk assessment and management procedures, and approved by the relevant governing bodies.

Prudence suggests that the Group bases its decision-making on a prudent combination of RMS reliability and profitability in choosing methods of risk assessment and management, and in determining the acceptable level of risk (risk appetite).

Materiality means that, in implementing various RMS elements, the Group is guided by the relationship between the costs that implementation of risk analysis, control and management mechanisms will require, and the potential outcome of such implementation, as well as the costs of the development and implementation of products, services or tools carrying the relevant exposure. As part of the risk management strategy, and with a view to achieving strategic objectives, credit entities of the Group establish and annually review their risk appetite, which defines the risk limit assumed by them by reference to strategic objectives they have been set.

As part of the risk management strategy, and with a view to achieving strategic objectives, credit entities of the Group establish and annually review their risk appetite, which defines the risk limit they assumed by reference to strategic objectives they have set.

These priority areas serve as the basis for calculating threshold values for specific target indicators. Compliance with these indicators is regularly reviewed and communicated to the Supervisory Board.