The risk map based on the updated risk identification procedure of 2016 is shown below.

The risk map based on the updated risk identification procedure of 2016 is shown below. The same type of risk may be represented by different events that vary in their potential impact and frequency of occurrence.

If events of the same risk type fall into different matrix sectors, the risk significance is categorised via a simple majority based on the sector colour:

• Red: the most significant risks – sectors VI, VII, VIII, IX;
• Black: risks of medium significance – sectors II, III, IV, V;
• Grey: the least significant risks – sector I.

Risk	Description	Actions
Credit risk (incl. CCP risk and concentration risk)	Group's assets are subject to credit risk which is defined as the risk of possible losses caused by failure of a Group’s counterparty to perform or properly perform its obligations to it.	The Group controls the credit risk by employing the following procedures: establishing single or group counterparty limits, subject to a comprehensive assessment of their financial position, the analysis of the macroeconomic environment they are operating in, the level of their information transparency, business reputation, as well as other financial and non-financial factors; using an internal rating system providing a weighted assessment of the counterparty's financial position, and the level of the credit risk assumed in its respect; controlling the credit risk concentration in accordance with the current regulatory requirements; establishing strict requirements for the types and quality of the acceptable collateral, including liquid securities, as well as cash in Russian roubles and in foreign currency. In order to reduce the credit risk associated with the CCP’s operations, the Group has implemented a multi-level safeguard structure triggered upon a clearing member’s failure to perform or properly perform its obligations, in compliance with regulatory requirements and strict international standards.
Market risk	The market risk may emerge from the defaulting clearing member’s need to close major positions / sell the collateral, which in case of a low market liquidity may adversely affect the price, at which such position can be closed / or the collateral can be sold.	The primary objective in managing the market risk upon investing idle cash is to improve the risk/profitability correlation, and to minimise any losses should any adverse events occur. With this view the Group: diversifies its securities portfolio (by maturity, issuer’s industry profile); sets up maximum expiration periods for investments in securities; sets up maximum volumes of investment in securities (by the total volume, by types of investments, and issuers); classifies debt obligations and securities by risk groups; establishes provisions for potential losses under securities should they be not marked to market. The market risk emerging as part of trading or clearing operations, is primarily managed by: identifying, monitoring, and timely reviewing risk parameters, taking into account regular stress test results; establishing individual collateral rates taking into account concentration limits, profiles of the instruments traded at each of the markets, and possible volatility change scenarios; back testing collateral rates, and controlling collateral adequacy. In managing the market risk emerging as part of trading or clearing operations, the Group: devises mechanisms permitting to close positions of defaulting clearing members within two trading days; sets discounts for the assets accepted as collateral, with the view to covering possible changes in their values in the period from their most recent re-evaluation until the time of their sale; sets concentration limits that define clearing member’s position volume, upon reaching which the underlying collateral is subject to heightened requirements; evaluates clearing members’ collateral adequacy subject to market liquidity; develops procedures for resolving a situation, when a terminated obligation of a clearing member is secured by property other than the subject of the underling obligation; maintains a system of additional financial collateral meant to cover losses not secured by clearing member’s clearing or any other collateral.
Liquidity risk	Risk of potential losses following an adverse change in the value of the instruments comprising the bank book, caused by changes in interest and/or yield rates.	The liquidity management system includes the following elements: distribution of powers in managing liquidity; specific liquidity management and control procedures; information system to accumulate and review liquidity-related information; a set of guidelines, performance indicators, and plans of initiatives designed to ensure efficient liquidity management and control; internal management accounts underlying any decision adopted in respect of the liquidity efficient control and management.
Bank book interest risk	Risk of potential losses following an adverse change in the value of the instruments comprising the bank book, caused by changes in interest and/or yield rates.	In order to measure the impact of the interest risk over the fair value of financial instruments, the Group holds regular assessment of potential losses, which may be caused by negative change of the market terms. The risk management division regularly monitors the financials of the Group and its principal members, assesses the sensitivity of the market value of the investment portfolio and of the proceeds to the interest risk.

Risk	Description	Actions
Operational risk	Risk of potential losses caused by inconsistency of internal operational procedures to the nature and scope of the business, and/or statutory requirements, their non-observance by employees, lack of functionality, inadequacy of information, technological and other systems and/or their failure, as well as by external events.	The principal operational risk management (mitigation) methods include: development of organisational structure, internal operational rules and regulations, distribution of powers, approval (negotiation) and reporting of undertaken operations, all of which will permit to avoid (minimise) the probability of operational risk factors; development of control measures following the analysis of statistical data undertaken with the view to identifying typical operational risks on the basis of recurrent events; monitoring compliance with the adopted rules and procedures; technological automation of undertaken operations, and development of information protection systems; insurance, including both traditional property and personal insurance (insuring buildings, other property against destruction, damage, loss caused by a natural disaster and other accidents, as well as by actions of third parties or employees; insuring employees against accidents and personal injuries), as well as insurance of specific professional risks, both on a comprehensive basis and against separate types of risks; development of the system of business continuity measures to apply in the operational cycle, including emergency plans (business continuity and/or disaster recovery plans).
Continuity risk	Risk of discontinued critical services.	With the view to ensuring normal operations in emergency situations: the Group has put together a reserve complex including reserve office and firmware capabilities located at a safe distance from the principal office. the Group has developed business continuity and disaster recovery plans (BCDR Plans) that define critical business processes, priority actions in an emergency situation, timing and volumes of recovery operations, and business processes to enjoy priority recovery, as well as mandatory steps to be taken after the emergency situation subsides.
Legal risk	Risk of losses caused by breach of contractual obligations, litigations, criminal and administrative liability of Group members and/or their governing bodies acting in their official capacity.	Legal risk management procedures include: regular monitoring of laws, and verification of internal procedures as to their compliance with actual regulations; establishing quantitative and volume restrictions for claims, and controlling compliance with the established restrictions; analysing the legal basis for new products and services; updating internal regulations with the view to avoiding fines. Losses associated with legal risks shall be reflected in the operational risk database.
Regulatory risk	Risk of losses caused by inconsistency of Group’s operations with the laws, its Charter, and internal regulations.	The regulatory risk is managed by the Internal Control Function, which takes the following steps to prevent losses caused by realisation of the regulatory risk: monitors the laws; is in constant communication with regulatory authorities on matters of new regulations; identifies regulatory risk in the existing and scheduled procedures; analyses best practices in implementing internal control measures.
Reputational risk	Risk of losses caused by a negative public opinion of the Group’s operational (technical) stability, quality of its services and its activities in general.	In order to avoid losses associated with the realisation of the reputational risk, the Group continuously monitors media space for information about the Group and analyses its internal processes applying the impact assessment methodology to each identified event or factor. The primary source of the reputational risk is the realisation of the operational risk, especially when such information becomes public. Thus, all actions taken to prevent and to mitigate the operational risk work simultaneously towards the reduction of the reputational risk.
Strategic risk	Risk of expenses (losses) sustained by the market operator as a result of mistakes (defects) made in deciding on the operator’s business and development strategy.	Principal methods of strategic risk management include: building up a process for strategic planning and management commensurate with the Exchange’s calibre and operations; preventing any decisions, including strategic, to be taken by a non-appropriate body from the hierarchic point of view; exercising general control over the performance of the risk management system; determining the process for major transactions, for development and implementation of prospective projects as part of the general concept of the Moscow Exchange Group’s development; controlling the consistency of the risk management parameters with the Exchange’s current condition and its development strategy.