Moscow Exchange Group has built an integrated risk management system, however each of the Group company faces its own inherent risks associated with the specific field of its activities. Thus, Moscow Exchange, being the parent company of the Group, assumes the risks of a market operator, risks related to operations in its assets as well as risks of a financial platform operator.
That said, the Group’s principal risk taker is none other than Non-banking credit institution — Central Counterparty National Clearing Centre (short name “CCP NCC”) on the grounds that it operates as clearing house, a central counterparty for all main markets of Moscow Exchange Group, and an operator of deliveries in the Commodities Market.
The Group’s comprehensive risk management system extends to the NSD, the infrastructure powerhouse of the Russian financial market, whose priorities lie in the reliable operation and stable development of the following key areas:
- Central securities depository;
- Settlement and clearing system;
- Trade repository;
- Tripartite services;
- Corporate actions centre.
SYSTEM FOR MANAGING RISKS TO THE CURRENT STRATEGY
The principles and approaches employed by the Group in installing and operating the risk management system (RMS) are based on best international practices implemented in compliance with national and international risk and capital management standards.
In 2021, the Exchange was reaffirmed under the ISO/IEC27001:2013 (Information Security Management Systems) and ISO 22301:2012 (Business Continuity Management Systems) certification covering the organization of on-exchange trading, clearing and other services on the Equity and Bond, Derivatives, FX and Money Markets. This certification ensures that the Exchange and NCC fully meet over 100 technical and administrative requirements in the area of information security and business continuity.
In 2021, Moscow Exchange renewed insurance contracts covering Electronic and Computer Crime and Personal Indemnity to mitigate operational and information security risks.
The integration of risk management functionality in business processes makes it possible to identify risks and assess their materiality in a timely manner, and to ensure an efficient response by mitigating potential adverse effects and/or by reducing the probability that they will materialize. Tools for mitigation include insurance, hedging, limit requirements and transaction collateral requirements.
The Group’s Risk Management System operates on the principles of comprehensive coverage, continuity, transparency, independent assessment, paper trail, prudence and materiality:
Comprehensive Coverage is premised on identifying risk factors and risk objects, determining risk appetite based on a comprehensive analysis of existing and proposed business processes (products), implementing universal RMS working procedures and elements, consistently applying methodological approaches in resolving similar risk assessment and risk management tasks, and assessing and managing key operational risks in close connection with the non-key operational RMS.
Continuity is premised on regular, coherent, target-driven procedures, such as assessment of existing risks (including monitoring of risk parameters), review of key RMS parameters and how they are determined (including limits and other restrictions in respect of clearing members’ transactions), analysing RMS technologies and operational rules, holding stress tests and preparing reports for management.
Transparency is manifested in providing relevant information regarding the RMS to clearing members / counterparties. Clearing members, including potential members, have access to methodological documents describing the RMS, including approaches to risk assessment, as well as to key aspects of the procedures employed in monitoring their financial stability. At the same time, the assessment results of a specific clearing member or counterparty, as represented in the form of internal ratings, or limits, as well as other restrictions established in respect of treasury or administrative operations, are never made public and are never subject to disclosure.
Independent Assessment means that a comprehensive assessment and review of each risk is undertaken by separate divisions / employees who are independent of the divisions responsible for taking on risks or counterparties. These divisions / employees cannot be charged with any responsibilities that may give rise to a conflict of interest.
Paper Trail means that RMS guidelines, procedures and rules are negotiated with the divisions involved in risk assessment and management procedures, and approved by the relevant governing bodies.
Prudence suggests that the Group bases its decision-making on a prudent combination of RMS reliability and profitability in choosing methods of risk assessment and management, and in determining the acceptable level of risk (risk appetite).
Materiality means that, in implementing various RMS elements, the Group is guided by the relationship between the costs that implementation of risk analysis, control and management mechanisms will require, and the potential outcome of such implementation, as well as the costs of the development and implementation of products, services or tools carrying the relevant exposure.
As part of the risk management strategy, and with a view to achieving strategic objectives, in 2021, companies of the Group revised the risk appetite of the Moscow Exchange Group set by the Supervisory Board of Moscow Exchange in 2020. The Group’s risk appetite is designed to help the Supervisory Board of Moscow Exchange, as the Group’s parent company, manage the Group’s overall risk level taking into account all intragroup effects and to set a target risk/return ratio for the Group.
The Group’s risk appetite is set in relation to risks recognised as significant at the Group level, and inherent to all Group companies and equally measurable. The risk appetite of each company within the Group consists of a decomposed part of the Group’s risk appetite and individual indicators reflecting the specific risks of a particular company.
These priority areas serve as the basis for calculating threshold values for specific target indicators. Compliance with these indicators is regularly reviewed and communicated to the Supervisory Board.
The risk map is based on an annual risk identification procedure.
Credit risk (incl. CCP risk and concentration risk)
The risk of possible losses caused by failure of a Group’s counterparty to perform or properly perform its obligations to the Group.
The Group controls credit risk by employing the following procedures:
In order to reduce the credit risk associated with the CCP’s operations, the Group has implemented a multi-level safeguard structure triggered upon a clearing member’s failure to perform or properly perform its obligations, in compliance with regulatory requirements and strict international standards.
Market risk may emerge from a defaulting clearing member’s need to close major positions / sell collateral, which in case of low market liquidity may adversely affect the price at which such position will be closed, or the collateral can be sold.
The market risk management upon investing idle cash is aimed primarily to improve the risk/profitability correlation, and to minimize any losses should any adverse events occur. With this view the Group:
The market risk emerging as part of trading or clearing operations, is primarily managed by:
In managing the market risk emerging as part of trading or clearing operations, the Group:
Risk of potential losses following the Group’s inability to meet its obligations in full and on time
The liquidity management system includes the following elements:
Bank book interest risk
Risk of potential losses following an adverse change in the value of the instruments comprising the bank book, caused by changes in interest and/or yield rates.
In order to measure the impact of the interest risk over the fair value of financial instruments, the Group holds regular assessment of potential losses, which may be caused by negative change of the market terms. The risk management division regularly monitors the financials of the Group and its principal members, assesses the sensitivity of the market value of the investment portfolio and of the proceeds to the interest risk.
Risk of potential losses caused by inconsistency of internal operational procedures to the nature and scope of the business, and/or statutory requirements, their non-observance by employees, lack of functionality, inadequacy of information, technological and other systems and/ or their failure, as well as by external events.
The principal operational risk management (mitigation) methods include:
Information security risk
risk associated with the potential loss of the security properties (confidentiality, integrity, availability) by the Company’s information assets as a result of the occurrence of information security threats.
Information security is understood as the protection of information and means of its processing from accidental or intentional impacts of natural or artificial nature.
The main objective of the measures aimed to ensure information security is to achieve adequate protection of the Company’s business processes and minimize information security risks when organizing trading and providing services on the Equity & Bond, Derivatives, FX and Money Markets.
This goal is achieved by ensuring and constantly maintaining the confidentiality, integrity and availability of the Company’s protected information assets.
Risk of discontinued critical services.
With the view to ensuring normal operations in emergency situations:
Risk of losses caused by breach of contractual obligations, litigations, criminal and administrative liability of Group members and/or their governing bodies acting in their official capacity.
Legal risk management procedures include:
Losses associated with legal risks shall be reflected in the operational risk database.
Risk of loss of Group’s assets posted on it as collateral caused an action or omission of a counterparty responsible for safe custody and recordkeeping of the asset.
The custody risk is estimated within the credit risk as the custody risk occurrence may cause the credit risk event; and the custody risk is managed as part of the operational risk which may be the trigger the custody risk event.
The custody risk management methods include:
Compliance (regulatory) risk
Risk of losses caused by noncompliance with the laws, internal regulations, self-regulating organizations’ standards (if mandatory), as well as by sanctions and/or other actions taken by regulatory authorities
The compliance risk is managed by the Group’s responsible business units within the Group’s unified compliance structure. As part of the activities of the Compliance Committee managed by the Chairman of the Executive Board of Moscow Exchange, Group companies seek to unify their approaches and implement best Russian and global practices in compliance risk management.
Risk of losses caused by a negative public opinion of the Group’s operational (technical) stability, quality of its services and its activities in general
In order to avoid losses associated with the realization of the reputational risk, the Group continuously monitors media space for information about the Group and analyses its internal processes applying the impact assessment methodology to each identified event or factor. The primary source of the reputational risk is the realization of the operational risk, especially when such information becomes public. Thus, all actions taken to prevent and to mitigate the operational risk work simultaneously towards the reduction of the reputational risk.
Risk of expenses (losses) sustained by the market operator as a result of mistakes (defects) made in deciding on the operator’s business and development strategy.
Principal methods of strategic risk management include:
Tax risk uncertainty regarding the achievement of a business goal as a result of factors related to the taxation process, which may manifest itself as financial losses or other negative consequences resulting from current or future events and processes in the area of tax legal relations and tax accounting, or events or processes affecting tax legal relations and tax accounting.
Tax risk may arise in all areas of the Exchange’s activities without exception, as well as have different causes (factors): both related to the Exchange activities and under its control (internal tax risks), and caused by external factors beyond the Exchange’s control (external tax risks).
The Exchange’s main goal in managing tax risks is to limit the negative consequences of tax risks (reputational, financial, personal liability for the Exchange’s management and others) for the Exchange. This goal is achieved through the use of effective tax risk management methods and mechanisms compliant with the requirements of regulators and best practices, including raising awareness of the Exchange’s management bodies of the level of risk taken when making management decisions, as well as ensuring a common understanding of tax risk and acceptable level of tax risk for the Exchange.
RISK MANAGEMENT STRATEGY
In 2022, the following Exchange and Group strategies approved by decisions of the Supervisory Board continue in force:
- Moscow Exchange’s Information Technology Strategy through 2024 (approved on 1 October 2020);
- Moscow Exchange Group’s 2024 Risk Management Strategy (approved on 29 October 2020);
- Moscow Exchange Group’s Information Security Strategy for
2021–2024(approved on 10 December 2020).
In 2022, the roadmaps developed earlier under the 2024 Risk Management Strategy continued to be implemented.
The Information Security Strategy sets out measures aimed at reducing the likelihood of actual threats to the information security of Moscow Exchange and defines key performance indicators for the implementation of the Strategy.
All principal risk takers among the companies of the Group have developed a risk and capital management strategy. The principles and processes of the Strategy seek to build, use and develop a comprehensive system of capital and risk management to ensure business continuity both in normal and stressed economic conditions, to enhance transparency of the risk and capital management processes, as well as to identify and assess significant risks in a timely manner, support capital planning and take due account of risks in the decision-making process.
With a view to maintain efficiency of the regular risk management processes:
- the following committees operate: the Risk Committee of the NCC Supervisory Board, Risk Management Committee of Moscow Exchange, Risk Management Committees of NCC Management Board and Moscow Exchange and Risk Committee of NSD Executive Board;
- a system of distribution of powers and responsibilities is in place to implement key risk management principles;
- risks are regularly identified and mitigation measures are taken;
- financial resilience recovery plans and plans for engagement of additional resources have been developed.
At the end of 2021, the Supervisory Board also developed and approved a Financial Stability Recovery Plan for Moscow Exchange, taking into account the interaction with other companies of the Group.
The Exchange is constantly developing and improving its risk management system to reduce the vulnerability of business processes and their recovery time, to improve system redundancy based on spacing and duplication of resources, and to improve the reliability of communication systems between traders, the Exchange and depository and settlement organizations.
Moscow Exchange has also established a separate market operator’s risk management subsystem that enables it to identify and assess risks in a timely manner and to develop mitigation measures. This subsystem incorporates continuous monitoring of emergencies and assessment of their potential impact on the technical processes of the Exchange’s markets, as well as updating the integrated operational and financial risk management system in line with adopted decisions and procedures.
The Exchange has developed and approved the Regulations on Managing the Risks of a Market Operator and the Regulations on Managing the Risks of a Financial Platform Operator. In addition, the Exchange has also set up a separate structural unit aiming to identify and assess risks in a timely manner and to develop mitigation measures.
In addition, the Group’s Risk Management Development Strategy through 2024 was developed and, as a followup, roadmaps were approved that include a description of specific objectives in such areas as risk management development, risk culture, deepening of core markets, balance sheet management, treasury and capital management. In particular, in pursuance of this Strategy, the Supervisory Board of Moscow Exchange approved the Group’s risk appetite indicators and their thresholds.
SHORT-TERM RISK OUTLOOK
Given that the Group’s strategy calls for the development of new products, formation of new trading markets and the expansion of the investor base, the management of financial risks will be key for the Company.
Receiving the status of a Financial Platform Operator by Moscow Exchange and expansion of its presence in the respective market entail new risks, in particular information security risks and reputational risks came from the arrival of a new category of customers — individuals.
HR risks will remain neutral, given that most ongoing activities are long-term; however, staff turnover remains acceptable. Given that the Exchange’s strategic objectives include the financial platform and balance management, regulatory and legal risks will continue to have a high impact on the Exchange’s activities; however, taking into account ongoing activities, we do not expect a significant increase in regulatory and legal risk.
Plans to modify the Exchange’s key information systems and to substitute the imported ones will keep information security risks elevated.
Strategic risks are analysed and assessed for the possibility of achieving strategic objectives, as well as substantial delays and/or negative variances in implementation of the budget for strategic projects and initiatives considering the Group’s strategy through 2024.