Risk management strategy
All principal risk takers among the companies of the Group have developed Risk and Capital Management Strategy.
The principles and processes introduced by the Strategy seek to build, use and develop a comprehensive system of capital and risk management in order to ensure business continuity both in normal and stress economic situations, to enhance transparency of the risk and capital management processes, as well as to timely identify and asses significant risks, support capital planning and take risks into account in the decision making process.
With the view to maintaining efficiency of the regular risk management processes:
- Group governing bodies and divisions regularly exchange information on the matters connected with the recognition, identification, assessment of risks, and control over them;
- Group governing bodies, its divisions, and employees have been engaged in a system of distribution of powers and responsibilities to implement the key risk management principles;
- risks are being regularly identified;
- responsibility for managing certain types of risks is allocated to dedicated employees;
- models are being developed to quantify the risks and to ensure their comprehensive inventory;
- measures are being taken to mitigate risk factors;
- the Group’s operations are being tested for sensitivity against certain risk factors which are taken into account in the risk assessment models;
- the Group holds regular (not less than once a month) stress tests for the adequacy of equity (capital) and clearing margin, including:
- a complex scenario-based stress analysis that takes into account simultaneous change of several risk factors;
- back stress testing;
- the management accounts are systematically drawn up and sent to Group governing bodies, including on the matters connected with the recognition, identification, assessment of risks, and control over them;
- the NCC Clearing Bank Supervisory Board Risk Committee, the Moscow Exchange Risk Committee and the NSD Management Board Risk Committee duly discharge their functions;
- the internal control system has been set up;
- financial resilience recovery plans and plans for engagement of additional resources have been developed.
Moreover, the Moscow Exchange has established a separate market operator's risk management subsystem that enables it to timely identify and assess the risks and to develop mitigation measures.
This system incorporates continuous monitoring of emergencies and assessment of their potential impact on the technical processes of the exchange markets and updating the integrated operational and financial risk management system in line with adopted decisions and procedures. Further development of the risk management system is planned to reduce the vulnerability of business processes and their recovery time, to improve system redundancy based on spacing and duplication of resources and to improve the reliability of communication systems between traders, Exchange and depository and settlement organisations.
In addition, the Exchange has also set up a separate structural unit that is responsible for managing its risks as a market operator. This unit aims to identify and assess risks in a timely manner and to develop mitigation measures. The Exchange developed and approved the Regulations on Managing the Risks of a Market Operator, which establish, in particular:
- the principles of the risk management system related to the Company’s operations;
- the principles and objectives of risk management related to the activities of a market operator;
- Regulations on Managing the Risks of a Market Operator:
- classify the risks inherent to the Exchange;
- set up the procedure and the timeline for an audit of the risk management system efficiency;
- provide basic guidance and approaches to identifying, assessing and monitoring risks;
- set up the procedure and the timeline for informing the Exchange’s governing bodies, executives and divisions of identified risks;
- detail a list of measures to be taken by the Exchange to ensure confidentiality of the risk-related information, including confidentiality of risk reports;
- set up the frequency of stress testing, as well as the requirements for the scenarios used for such testing.